POL00413502
POL00413502
POL00413502
POL00413502
Contents
A message from our Group Chief Executive 3
Our Code and how we speak up
Why we have a Code 4
Upholding the Code 5
Our ways of working 7
How to make good decisions 8
How do I speak up? 9
No retaliation 10
Our Colleagues
Diversity and inclusion 12
Prevent bullying and harassment 13
Create a safe and healthy work environment 14
Avoiding conflicts of interest 15
Our Business
Prevent bribery and corruption 18
Gifts and hospitality 19
Prevent financial crime 20
Prevention of Modern Slavery 21
Working with suppliers 22
Use of computers, internet, phones and email 23
Protecting Post Office Information 24
Managing personal data properly 25
Maintaining accurate business records 26
Financial Accuracy and integrity 26
Managing risk 27
Protecting the environment 28
The use of social media 29
Communication with the public 30
Glossary 31
I
This document has been
ibe Bal reviewed by the
re)
S
mage % Institute of Business Ethics
Our Code of Business Conduct Nov 2023 v11 2
POL00413502
POL00413502
A message from our Group Chief Executive
Welcome to the most important document we have at Post
Office — our Code of Business Conduct.
If we are to earn the trust of our customers, colleagues, and
the communities we serve, we must act in a responsible,
ethical, and lawful way. It is important to me that we maintain
the trust of our customers, colleagues, and the communities
we serve.
Our ‘Ways of Working’ underpin everything that we do, they
are the ‘How’ of our business strategy. They differentiate our
business and aim to inspire great behaviours. We know that
by working in partnership, as one team, we deliver
amazing results.
Our Code of Business Conduct (the “Code”) defines the
expectations we have for how we act and how we make
decisions. It sets out our clear standards of conduct to ensure
that we always do what is right. The Code of Business
Conduct should help every one of us live out our purpose that
we are here, in person for the people who rely on us.
The way that we conduct business has never been more
important which is why I expect everyone at Post Office to
follow our Code, advocate for others to do the same, and feel
empowered to speak up if you are ever in doubt or have
questions. As our Code explains, our Speak Up channels are
here for you. Remember, Post Office does not tolerate
retaliation of any kind. We will always listen to you. I
expect leaders and managers to foster a culture where
employees feel free to ask questions and raise concerns
when something doesn't seem right.
Read and re-read our Code. It matters. Think about how it
applies to your work. Consider how your behaviours, actions
and decisions may affect others. Speak up when you have
concerns and always do what's right.
I am proud to work for a company that has the highest
standards of integrity and which passionately protects its
people and reputation.
Sincerely
Group Chief Executive Officer
Why we have a Code
Doing what's right means we must always act with Our Code is for everyone working for and with Post
integrity and be open and honest to ensure we are Office: employees, directors, contractors,
trusted by our customers, colleagues, Postmasters, Postmasters, business and retail partners, and
Retail Partners and the communities in which we work. suppliers. We expect our Postmasters, business and
retail partners and suppliers to uphold the same
Who is the Code for? standards,
What is the Code?
Our Code of Business Conduct Nov 2023 v11 3
The Code is a centrepiece to our ethical culture. It sets
out what we stand for, the principles we hold ourselves
accountable to, and what we expect from every single
person working for and with Post Office, helping us all
make informed decisions and good choices.
Sometimes, you might face a situation where the right
thing to do is not obvious. That is where our Code of
Business Conduct can help. It is always here as a
guide to preserving our reputation. While the Code
cannot answer every question, it can show you where
to go for guidance when the answer is not clear.
The code enables you to:
= Conduct yourself honestly and ethically.
= Upholds our ways of working and protect our
reputation.
= Understand what Post Office expects from you.
« Make good decisions every day.
Sometimes doing what’s right is
easier said than done. There
are times when we all could use
a little help to feel confident that
we are making good choices.
Our Code is here to do that.
Upholding the Code
Employees’ Responsibilities
Know and live the
Code. Read it and follow
it, along with any other
policies that apply to our
roles.
Follow the law.
Complete mandatory
training as required ina
timely manner.
POL00413502
POL00413502
« Comply with the laws, regulations and standards
that apply to our Company.
« Understand where to go for assistance or guidance
if you have any questions.
What are the consequences of not
complying with the Code?
There are very serious consequences for not
complying with our Code which could result in
disciplinary action, up to and including dismissal or
termination of contract.
If an act violates the law, it could result in fines or
criminal prosecution.
When do we review the code?
The Code will be reviewed every three years and we
may modify the Code as necessary. Any modifications
will be approved by Post Office General Executive
and the Board.
Behave in an ethical
manner. Use good
judgment, being honest
and ethical in every
action and decision you
take.
Speak up. Prevent harm
to our company and its
reputation by reporting
Understand and ensure
compliance with legal
and regulatory
Ask for help. When an
answer is not clear, ask
for guidance before
Pn PEON Sas
concerns if you feel a
working practice is not
ethical or safe or it
POL00413502
POL00413502
Post Office reputation depends on the behaviour of each and every one
of us.
People managers and leaders have additional responsibilities to serve as a positive role model in every respect and to
help our employees review, understand and apply the Code. The way our managers make decisions and handle
concerns, different opinions, and even bad news, will set the foundation for trust with teams.
Take these simple steps to build a culture of trust and integrity within your team.
Lead by example and
model the Code. Take
personal responsibility for
promoting and reinforcing
the principles and
standards set out in the
Code.
Expect the best. Ensure
team members know that
for results to matter, they
must be achieved the
right way. Be consistent
in what you say and do.
Ensure your team
members, including new
joiners have read the
Code and completed
mandatory training.
Be responsive and
create a “speak up”
culture.
Take seriously any
concern raised and never
retaliate against
someone who raises a
concern.
Be informed. Recognise
that you may not always
find the answers that you
need in the Code, so
know where to go for
answers when there are
questions.
Take action. Take
corrective or preventive
action when someone
violates the Code.
POL00413502
POL00413502
As a leader, you have special responsibility for setting the culture and the
work environment of your team
Our Postmasters and branch colleagues are there, 2 :
in person, serving communities across the UK day We work in partnership
in, day out. Our role at Post Office is to be there for
Postmasters, retail partners and Directly Managed
Branches, supporting them and helping them to
thrive.
How we do it.
Our Ways of Working provide the answer. They set
out how we need to work together to deliver our
Purpose. Our Ways of Working are wrapped around
our ‘We are Post Office’ colleague commitments,
where we celebrate diversity and inclusion,
encourage learning and growing, and champion
taking care of and supporting each other.
Our Ways of Working reflect our culture where we
work in partnership with our Postmasters and
collaboratively work together to achieve the same We are one team We deliver
aims. A place where colleagues are encouraged to
speak up, feel safe to raise issues and are empowered
to make a difference.
s x
14 sure
, -
™Pioning care an
In short: Working in partnership, as one team, we
deliver amazing results!
We work in
We are one tea’ We deliver
artnershi I
We place those who work in .
Post Office branches at the We collaborate and share freely. We are reliable and always do what
centre of everything we do. y
We invest time and energy into We listen to understand and then We are passionate about the
trusted and valued partnerships. respond. service we provide.
We build lasting relationships We celebrate success and say thank
with all partners. you often. We learn from our mistakes.
Our Code of Business Conduct Nov 2023 v11 6
We respect and recognise each
other's challenges.
We enable our Postmasters and
DMBs to serve their
We are helpful,
communities.
We are stronger together.
We act with integrity and are open and
friendly, and available.
We trust and empower everyone to
make decisions.
honest.
How to make Good Decisions
We trust and empower everyone to make decision. Use our ethical decision-making model to support in making good
decisions.
Ethical decision-making model
faced with a
e of dilemma
Pause
Think
and Ask yourself
Is itin line
with our
Code?
{sit legal
and ethical?
Would it be
acceptable
that anyone
in the
company did
it
POL00413502
POL00413502
We embrace change and find ways
to innovate and improve.
We are outcome driven.
We work to keep it simple and get
stuff done.
‘Would I be
comfortable
ifmy
decision was
made public
internally or
externally?
How might it
It looks like a good decision but
if you have any doubts, talk to
your manager.
If the answer to any of these
questions is ‘no’ then think again
about what to do, talk to your
manager, or use the reporting
channels to speak up
Speak to the Compliance, Legal
or People team
Making good decision and ethical choices builds trust between each of
us and the people we interact with.
How do I speak up?
To help us build the Post Office of the future
we are committed to doing things correctly
and we want you to always raise issues and
concerns with us. A healthy organisation is
one where people can speak up without fear
and, as a result, stop harm.
Noticing a problem and speaking up about it
helps us address issues quickly. This in turn
helps ensure that we can enhance Post
Office’s processes and controls and support
our Postmasters and the communities that
we serve.
You must never ignore unethical or
unprofessional behaviour. We all have a
responsibility to speak up, if we witness or
otherwise learn about the company’s
standards and reputation being put at risk by
unethical, unprofessional or even criminal
behaviour, we must immediately report it.
We don't have to have all the facts or evidence
available to report a concern, the key element
is to make sure it is reported.
If you feel you cannot question or challenge a
colleague directly you can use the reporting
model opposite that shows how
we can all raise issues of concerns:
What happens next?
When a concern is
raised via the
confidential Speak up
line, the whistieblowing
team will decide
whether to handle the
concern through
management action or
an investigation
iv]
We encourage you to discuss
any issues or concerns that you
have with your line manager.
Are you comfortable reporting it
to your line manager?
a
If you are not comfortable
discussing the issue with your
line manager are you
comfortable reporting it to
another manager?
Ifit not appropriate to discuss
the issue with your line
manager. You can discuss the
matter with your People partner.
Are you comfortable speaking to
your People Partner?
Discu:
Discuss i:
POL00413502
POL00413502
ue or concern with
your line manager?
Discuss issue or concer with
another manager?
SS it ir concern with
you People Partner?
Report it confidentially via
(4) Speak Up Manager: {
External Speak Up service where you have an option to remain anonymous
Website: http//speakup.postoffie.co.uk/
I ithandied as a
management action, the
business will provide
I guidance and support to
I those involved. If we
decide to investigate. A
thorough investigation
I will be undertaken,
obtaining and analysing
I the relevant facts to
I make a determination
from the business will
discuss the findings and
decide what action
should be taken. This
may include disciplinary
action consistent with
our Conduct policy.
Feedback is provided to
the individual who
raised the concern, in
accordance with our
confidentiality
principles.
Learn More
Speaking Up Policy
No retaliation
Our Code of Business Conduct
Nov 2023 v11 8
It takes courage to speak up when something's not right. We
understand that you might be uncomfortable or anxious. That
is why we do not tolerate retaliation of any kind.
We do not tolerate retaliation for:
« Refusing to do something that violates our Code, policies
or the law.
= Raising a concern in good faith about potential
misconduct.
= Cooperating with an investigation
Examples of retaliation might include demotion, firing, a
reduced salary, job reassignment, threats, harassment or any
other action taken against someone because they raised a
concern, participated in an investigation, or attempted to
deter someone from violating.
Aconcern raised honestly even if it turns out to be unfounded
is never an excuse for any kind of retaliation.
We take serious action, typically disciplinary action, against
any individual who threatens or retaliates against individuals
who have raised their concerns
No false accusations
As much as we encourage honest reporting, we do not tolerate
knowingly false reports. Making a false accusation can divert
investigatory resources away from credible good-faith
concerns and damage morale.
Report when you have a reasonable, good-faith belief that it is
true, but never knowingly make a false accusation, lie to
investigators or refuse to cooperate ip apa
these actions may also violg
Our employees
POL00413502
POL00413502
out if I raise a concern. Wil
confidential?
Protecting the identity of people who raise a
concern in good faith is our priority. Post
Office will not tolerate retaliation against an
employee who raises a genuine concern. We
will keep what you tell us private and
confidential throughout the investigation
process, subject to our legal obligations.
Anonymous reporting is also available
through our external Speak Up line, although
note that this may limit our ability to conduct
an investigation.
1am a contractor working at Post Office
and I have a concern to report. Can I use
the External Speak up line?
Yes. The external Speak Up line is for the use
of employees and contractors as well as
Postmaster, retail partners and suppliers.
Embracing diversity and inclusion means we must:
Uphold the law regarding human rights and
equality.
Act with the highest standards of conduct and
integrity and show respect towards others in our
dealings.
Strive to promote fairness and equal opportunities
for employment and promotion based on merit.
Not tolerate discrimination or harassment on the
Our Code of Business Conduct
POL00413502
POL00413502
ie
i
i
;
'
i
Post Office strives to build an inclusive workplace
where we celebrate diversity and inclusion, where all
employees feel a sense of belonging and are valued
for who they are and the differences they bring. Post
Office does not tolerate harassment based on the
grounds of race, ethnic or national origin, disability,
martial or civil partner status, sexual orientation,
pregnancy or maternity, age, religion or belief, sex and
gender reassignment.
Nov 2023 v11 10
POL00413502
POL00413502
I Learn More
I Equality, Diversity and Inclusion Policy
I Dignity at Work Policy
Examples of meeting standards are:
I want to make a promotion decision. One : ‘
colleague is 55 and the other is 30. Should - Showing compassion and empathy, as
I promote the younger colleague since they
appropriate, to people we work or come in
may work for us for more years before contact With
nae . Taking a proactive approach to
retiring? opposing discrimination and encourage
reporting.
. Acting and making decisions on merit,
No. We only make employment decisions without prejudice.
based on merit. Age should not be a deciding . Considering the needs of the
factor. protected characteristic groupings.
. Actively seeking or using opportunities
to promote equality and diversity.
We work better together because of our ditterences, not despite them.
Our Code of Business Conduct Nov 2023 v11 11
POL00413502
POL00413502
Prevent bullying and harassment
Post Office will not tolerate inappropriate behaviour,
including bullying, harassment or abuse of authority.
We may instigate disciplinary or legal action against
people who harass, bully or abuse their authority.
We must:
= Celebrate diversity and inclusion at Post Office.
«Treat each other with respect, regardless of role,
employment status or length of service.
= Challenge any unfair behavior.
« Foster a culture in which anyone can comfortably raise
a concern without fear of retaliation.
= Comply with Diversity and Inclusion, and Dignity at
Work policies.
« Ensure that our communications abide by this Code,
no matter how informal the situation.
« Speak up through the relevant channels if you think a
colleague is being bullied or harassed.
= Ensure that our conduct when at off-site events is as it
would be at work (i.e., social/team events).
= Complete unconscious bias training if involved in
recruitment and hiring of others.
We must never bully, harass, abuse, threaten or act
violently toward others.
I Learn More
I Equality. Diversity and Inclusion Policy
I Dignity at Work Policy
A friend sent me an email with some rude
jokes which I think are funny. Can I email
them to my work colleagues?
No. We treat all employees with dignity and
respect and what you consider funny might be
offensive to others. Always ask yourself if your
actions might be offensive, abusive or
intimidating to others.
Creating a safe and healthy work em.
Whether working in an office, branch, depot, at home,
commuting to work or out in the field nothing is more
important than your safety.
Our Code of Business Conduct
Stereotyping, whether it be a joke or not, is an
obstacle to the inclusive environment we
expect in the workplace and can be a form of
discrimination. This situation, or any concern
about inappropriate or non-inclusive
behaviour should be reported to the line
manager or People team.
My colleague arrives at work under the
influence of alcohol. I know they are having
difficulties at home. What should I do?
We comply with all applicable legislation and regulations and
aim to continuously improve health and safety performance.
We expect everyone at Post Office to behave in a safe and
responsible manner at all times.
Everyone at Post Office has a role to play and we must:
= Follow health and safety policies, risk assessments,
standards, procedures, laws and regulations to look after
ourselves and the safety of others.
« Work and behave safely, so that we do not endanger
ourselves or others.
= Make sure you know what to do if an emergency occurs
at your place of work, on the road or at a location you are
visiting.
« — Intervene when we think someone's safety is at risk.
= Promptly report any actual or near miss accident or injury,
illness, unsafe or unhealthy condition so that steps can be
taken to correct, prevent of control these conditions
immediately.
= Complete mandatory and role specific Health and Safety
training in a timely manner.
«Never work under the influence of drugs, alcohol.
= Always drive safely and legally and
- Always wear a seatbelt.
- Always obey the speed limit.
- Never use a handheld mobile or device when
driving.
oO
Learn More
Health and Safety Policy
Alcohol and Drugs Policy
Physical Security Policy
POL00413502
POL00413502
It is important that you discuss the issue with
your line manager. The use of alcohol is likely
to be affecting their wellbeing, safety and
quality of work. It is likely that your colleague
needs help and support in dealing with their
difficulties.
We do not tolerate anyone
being under the influence of
illegal drugs while working.
Avoiding conflicts of interest
Conflicts of interest can arise when our personal relationships
or financial interests overlap with our job responsibilities. If we
don't navigate potential conflicts of interest carefully, these
situations can impact the decisions we make, erode trust within
teams, and harm Post Office's reputation.
In business, the line between personal and professional
interests can become easily blurred. Separating the two can be
challenging, especially when personal relationships, outside
employment or investments are involved. We are all expected
to act in the best interest of the company. This means we must
never allow our personal interests to influence our actions on
Our Code of Business Conduct
POL00413502
POL00413502
behalf of Post Office. Every decision we make while on the job
must be objective and with the company’s business interests in
mind.
We must:
= Act in the best interests of Post Office. We must not do
anything which conflicts with our duty as an employee of
the company or use our position for private advantage.
= Avoid situations where a personal relationship or financial interest in another company might influence decisions
we make in our job.
= Understand that a conflict can exist even if we are convinced that our decisions will not be affected by an
outside relationship.
= When a conflict of interest arises, ensure these are disclosed, and advice and approval is gained from the Chief
People Officer.
= Before taking on outside work, ensure that the work does not harm Post Office’s business interests.
If you find yourself in a position where your personal and business interests potentially come into conflict, you are
required to declare, obtain approval and register these potential conflicts of interests. Any actual conflicts must be
avoided/removed
To help you decide whether you are facing a potential conflict of interest, imagine you are explaining your actions to
friends, a colleague or the media and consider whether you would feel comfortable. Your line manager will be able
to assist you in determining whether a conflict exists, and whether it is an actual or potential case.
Aclose friend is applying for a job in Post
Office. It this ok?
We encourage you to recommend Post Office
as a great place to work. You must ensure
that you are not involved in the recruitment
process.
Our Code of Business Conduct Nov 2023 v11 14
POL00413502
POL00413502
Conflicts of interest
Family Member and Close Working
Relationships
I have just found out that a member of my
team has been dating his subordinate for
Relationships with family members and close personal friends several months. Should I do something?
can influence our decisions. It is important to be careful about
company business decisions that involve close personal
relationships.
This is a very sensitive situation. We respect
employees’ private lives, and therefore we do
not need or want to know about their romantic
= Avoid taking part in the hiring or promotion of family members. relationships. However, we do have a
« — Avoid holding a position with access to or influence over, legitimate interest in their professional
performance appraisals, salary information or other relationship, namely when one reports to the
confidential information related to a family member. nae a
= Avoid the procurement of services of family members or other or is in a position of authority or control
To prevent conflicts of interest we must:
friends. over the other person. The situation you
= Report any family member and close working relationship to describe is not appropriate because there is a
the People team. conflict of interests. A manager cannot be
. expected to judge their subordinate
Outside Board Members objectively if they are romantically involved.
. I . - You should consult your manager or a
Serving on outside boards can present conflicts of interest and member of the People team. Depending on
should be disclosed and discussed with line managers. Before i
accepting memberships on any board, it is important to understan: the facts and circumstances, there may also
one’s legal responsibilities and avoid affiliations that carry be a sexual harassment issue.
potential for distraction and conflict of interest.
We respect your right to engage in political activity to support political groups. You can only offer support and
contributions to political activities in a personal capacity.
Post Office is a politically neutral company, and our reputation must not be compromised by your interest,
affiliation or activities to a political party's pressure groups or other causes.
We must:
Ensure any contrib) live no impressions
POL00413502
POL00413502
influence Or secure an improper advantage. Ifyou are offered gifts or hospitality, always consider
how the acceptance of the gift or hospitality would be
The consequences of violating bribery laws can be viewed by others or could be portrayed by the media -
severe — for you and for the Company. would others see it as appropriate and proportionate?
A gift, the promise of a job, the offer of a trip, a We responsibly invest in our business relationships but
Our Code of Business Conduct Nov 2023 v11 16
never offer or accept gifts, hospitality of entertainment
or anything else of value to improperly influence
people. An overly generous gift can pressure the
recipient to return the favour or feel indebted to the
iv]
Learn More
Anti-bribery and Corruption Policy
Gifts
The giving and receiving of gifts to an external 3%
party should ordinarily be below £100 per person in
value (and must also be approved by your GE
Member).
Items costing £20 or less, such as pens, calendars,
diaries, notepads and paperweights do not need to be
reported and approved.
We must:
= Not accept cash or cash equivalent (e.g. Gift
Cards).
Hospitality and Entertainment
Numbers on both sides should be limited to those
whose presence is necessary to progress the business
in hand.
Hospitality should be reasonable (not lavish or
extravagant), proportionate to its purpose and must
ordinarily be below £200 per person in value (if over
£200 it must also be approved by your GE member).
Our Code of Business Conduct
POL00413502
POL00413502
giver — with decisions that benefit the giver and create
a conflict of interest or perception of a conflict of
interest.
Post Office has zero tolerance towards
bribery. Bribery is not only unethical, but
also illegal.
Small offers of hospitality such as tea, coffee,
sandwiches, etc. do not need to be recorded via the
gifts and hospitality too, but the recipient details must
be recorded fully on the expenses claim via the Selenity
Expense Reporting Tool.
We must:
* Familiarise ourselves with and follow the Anti-
bribery and Corruption policy and procedures.
= Always make clear, internally and when dealing
with third parties, that Post Office has a zero-
tolerance approach to bribery and corruption and
will not (directly or indirectly) offer, pay, seek or
accept a payment, gift or favour to improperly
influence a business outcome.
« Apply this code in good faith to ensure gifts and
hospitality are never considered to be excessive,
confer improper advantage or create an actual or
perceived conflict of interest.
* Familiarise and observe monetary limits that Post
Office has set separately for gifts and hospitality.
« Ensure all gifts and hospitality are reported and
Nov 2023 v11 17
POL00413502
POL00413502
approved, prior to the offer or acceptance. competition with it. (You must declare to your.
= Never accept cash or cash equivalent (e.g. Gift manager any plan to accept sponsorship and ask if
Cards). there is any conflict.)
= Not offer or accept any gifts or hospitality if the third « Immediately notify our line manager if we become
party or Post Office is currently or about to tender aware of any suggested or actual payment or other
for a contract for services involving the other transaction which has the potential to be in breach
party. of the Anti- Bribery and Corruption Policy.
= Not ask for or accept sporting or charitable * Complete mandatory Anti-Bribery and Corruption
sponsorship from an organisation that has (or is training in a timely manner.
seeking) a contract to supply the company or is in
fam More I have been invited out to dinner by a
potential supplier currently bidding for a
new contract. What should I do?
Gifts and Hospitality Reporting Tool
You should decline. It is inappropriate to go
for dinner with a supplier during a tender
process.
Prevent financial crime
At Post Office we are committed to conducting business in a way that prevents the use of our product, services and
business transactions by those who might abuse them, and we all have a responsibility to ensure that the highest
standards of financial crime prevention, detection and management are maintained.
Failure to manage Financial Crime risks and incidents appropriately could have serious consequences for Post Office
including financial loss, customer impact, regulatory breaches, fines, prosecution, prevention from selling a particular
product, loss of existing or future contracts/relationships and damage to reputation.
Financial Crime” is any offence involving: fraud or dishonesty, misconduct in, or misuse of information or handling
the proceeds of crime. It can be internal (by individuals within Post Office) or external (by criminals using Post Office
to facilitate financial crime). Financial Crime is commonly considered as including one or a combination of the
following offences:
Information
‘ Bribery and Tax evasion ‘ Terrorist Money
iraug Cybercrime Corruption facilitation aoe financing laundering
Post Office has a range of approved policies, business We must:
procedures and controls designed to prevent activities
that could facilitate financial crime, and it is important « Familiarise ourselves with and follow all Post
you always follow these. Office policies.
« Understand and follow procedures and internal
Money laundering is the process criminals use to controls that are designed to prevent financial
conceal, disguise, and dispose of money and assets crime or money laundering.
obtained from criminal activity, such as terrorism, drug « Be proactive when it comes to spotting behavior or
dealing, tax evasion, human trafficking and fraud, and transactions that might signal a problem and
change them into clean money or assets that have no ensure we report our concerns as soon as possible
obvious link to their criminal origins. (suspicions of money laundering should be
reported to Grapevine o1
You may be committing an offence and be prosecuted * Complete mandatory Anti-Money Laundering and
if you facilitate or carry out a transaction where you Counter Terrorist Financing training in a timely
know, or suspect, that the funds are intended for use manner.
in support of money laundering or terrorism,
regardless of whether the funds were the proceeds of
criminal activity or lawfully derived.
Our Code of Business Conduct Any activity whese thereds a
suspected link to money
laundering needs to be
POL00413502
POL00413502
J
Learn More
Anti-Money Laundering and Counter Terrorist
Financial Crime Policy
Speaking Up Policy
Prevention of Modern Slavery
Modern slavery is a crime and a violation of fundamental human rights. It takes various forms, such as slavery,
servitude, forced and compulsory labour and human trafficking, all of which have in common the deprivation of a
person’s liberty in order to exploit them for personal or commercial gain.
Post Office is committed to acting ethically and with integrity in all our business dealings and relationships and to
implementing and enforcing the systems and controls set out in our Modern Slavery Statement with the aim of
ensuring that modern slavery is not taking place anywhere in our own business or in any of our supply chains.
The prevention, detection and reporting of modern slavery in any part of our business or supply chains is the
responsibility of all Post Office employees at all levels.
We must:
« Read our Post Office Modern Slavery statement which can be found on our website here
= Complete the mandatory Modern Slavery and Human Trafficking training in a timely manner.
If you have any concerns about the issues raised in the statement or if you think you have identified signs of modern
slavery within our business or supply chains, please Speak up.
iv]
Learn More
Modern Slavery Statement
I heard a supplier created a work experience
program that allows minors under the age of 16
to work unlimited hours per week without pay.
Should I be concerned?
Yes. The program you describe violates child
labour laws and raised suspicion of human
trafficking and modern slavery. You should report
this concern.
Our Code of Business Conduct
Working with suppliers
As a publicly funded organisation, we are committed to ensuring that
we deliver value for money through our trusted and valued
partnerships with suppliers. We are subject to the Public Contract
Regulations (“PCR”) 2015, which mandate the processes we must
follow, from the initial supplier selection through to sourcing
competitions and contract award. These processes are designed to:
« — Stimulate market competition for public contracts.
* Deliver value for money and innovation.
« Ensure equal treatment and transparency with all suppliers.
= Ensure contracts are awarded fairly.
We must ensure that our commercial activity is compliant with the
legislation and demonstrates our commitment to best practice.
Maintaining our reputation for ethical business integrity is absolutely
vital and we must also ensure that we partner with suitable suppliers
who will align with our ways of working.
If you work with suppliers, you must:
= Complete the Procurement online Training module.
= Consult with the Procurement team for advice, and to ensure that
processes are followed.
* Familiarise yourself with the Procurement Policy, Purchasing
Process, and the associated procedures on our Hub page.
« Ensure there is no commitment or contractual engagement with
Suppliers until they are onboarded correctly, which includes
accepting the Supplier Code of Conduct and other guidance
documents.
Once a Supplier has been selected and a contract is in place, you must:
= Ensure that Purchasing process is followed to ensure that orders
are raised and managed so that we are only paying for the goods or
services that we have received.
* Ensure that contracts are managed effectively in line with our
policies and controls.
= — Notify your Line Manager and the Procurement team if they know
of or suspect that third party suppliers are not meeting
requirements or if they are performing contrary to the agreed
contractual terms.
Learn More
Procurement Policy
Purchasing Process
Contract Execution Policy
Supplier Code of Conduct
POL00413502
POL00413502
Use of computers, internet, phones and emails
The security of our information and IT systems is systems, information and devices such as laptops and
critical. Many of us will have access to Post Office mobile phones. It's important that anyone who
Our Code of Business Conduct
Nov 2023 v11
20
accesses them knows how to keep them secure by
following the requirements in the Cyber and
Information Security policy. Failure to comply with the
Cyber and Information Security policy can carry
profound consequences for you and Post Office.
Breaches of the policy may lead to disciplinary action
up to and including dismissal.
To help protect our systems and information, you
should:
« Ensure Post office equipment is used
appropriately and protected from damage, loss
and theft.
« Immediately report to the IT Service Desk the loss
or theft of any Post Office equipment.
« Use a password or pin to lock unattended Post
office equipment. Use complex passwords to
protect your access.
= Ensure any removable Post Office IT equipment is
secured when left in the office overnight is locked
away or put out of sight when left unattended at
home, in a hotel, or in a vehicle. When travelling,
keep equipment with you at all times.
= Follow the appropriate IT request process to install
any software applications on your Post Office
equipment.
= Only use approved data storage areas, such as
One Drive. Don’t sign up for public cloud storage
services which have not been procured by Post
Office.
You must not:
Learn More
Cyber and Information Security Policy
Don't open emails from unknown
sources and never click on links or
open attachments you are
unfamiliar with or seem
Suspicious.
POL00413502
POL00413502
« Try to disable, defeat or circumvent Post Office
security controls, including but not limited to
firewalls, browser configuration, privileged access,
anti-virus and the deletion of system logs.
« Use Post Office systems or equipment to
intentionally access, store, send, post or publish
material that is:
- Pornographic, sexually explicit, indecent or
obscene, or
- Promotes violence, hatred, terrorism or
intolerance.
« — Run or engage in any form of private business
using Post Office IT equipment.
« Use your personal IT equipment to undertake Post
Office business.
« — Open emails when you don’t know who they are
from and click on unknown links and attachments.
in emails.
« Use your Post Office password for non- Post
Office IT Systems.
« Use your Post Office email address for non-
business-related websites or online activity.
« — Share your Post Office access passwords/pins
with anyone else, including work colleagues.
= Access Post Office Systems or Information after
leaving Post Office employment.
If you become aware of any information security
issues or incidents, you should always report it through
the Service Desk primarily through Servi
alternatively you can contact them o
In the event it is not possible to reac!
i il
My manager does not have access to their
emails while on vacation. They have asked
me to check their emails for an important
message by logging into their email using
their password. Is this ok?
No. It is against company policy to share
passwords. You should refuse the request
and remind your manager that it is against
company policy to share passwords and
access another person’s system.
Protecting Post Office info....0..L..
Information is one of Post Office's most valuable
business assets: Post Office is committed to
safeguarding and protecting our information and any
other information entrusted to us. Disclosing (or
“leaking”) confidential information outside of Post
Office or to those who do not need it for legitimate
business purposes can have dire consequences on
Post Office business, damaging our reputation and
breaching the trust of others.
Our Code of Business Conduct
Information within Post Office is held in many different
formats, including on paper, electronically in
documents or in IT applications & systems. Our
requirements to protect information apply to all
formats.
Post Office has Information Classification standards
which define how information within Post office should
be classified, handled and protected.
Nov 2023 v11 21
When we are handling Post Office's information, we
must:
« Familiarise ourselves with all information handling
policies and complete any mandatory training on
time.
= Understand the nature and classification of the
information, as defined in the Information
Classification Standards; understand and adhere
to the handling requirements detailed in the Cyber
and Information Security Policy; and take personal
responsibility for the proper use, circulation,
retention, protection and disposal of Post Office's
information.
* Not disclose confidential information to a third
party unless there is an approved purpose.
« Not share confidential information internally
Learn More
Cyber and Information Security Policy
Managing personal
When customers, postmasters or third partie:
do the same when they join the company. We take our responsibility and obligations seriously to collect, use and
POL00413502
POL00413502
beyond those who need it for their job. Take care
not to disclose information in public places,
including taking all necessary steps to protect
information in documents and on IT devices away
from the workplace.
Not forward emails containing non-public Post
Office information to personal email accounts.
Not store or synchronise Post Office information
onto personal devices.
Not take any Post Office confidential information if
we leave the company. Any work carried out during
employment will remain the intellectual property of
Post Office and must not be deleted or destroyed
upon leaving.
Immediately report events which could impact the
security of Post Office information by following the
information security reporting procedures.
process any personal data only for legitimate business purposes and protect it from possible loss, misuse or
disclosure.
Keeping personal data secure is critical to our people, our business and our reputation. We recognise this
responsibility and follow the laws requiring us to protect personal data that can identify an individual or which relates
to an identifiable individual.
Many employees work with personal data as part of their jobs. If you are one of them, guard this data well by following
the Company policies regarding the access, transfer and use of this data.
You must:
= Familiarise yourself with and follow
company policies regarding the access,
transfer and use of personal data.
« Complete mandatory Data Protection
training on time.
«Only collect data that is adequate and
relevant and use it solely for the purpose for
Our Code of Business Conduct
which it is collected.
= Be transparent with individuals in relation to
how their personal data is used in
alignment with Post Office privacy notices.
= Keep personal data up to date correcting
inaccurate data when requested and
respecting individual legal rights.
= Keep personal data confidential and secure
= Act responsibly and ethically, always
considering the risk to individuals in using
their personal data and take steps to
mitigate such risk.
When collecting, using or storing personal data, employees must not:
POL00413502
POL00413502
« Retain personal data for longer than necessary to achieve the business objective or meet minimum legal
requirements.
= Collect and use personal data for purposes that are not reasonably expected by our customers, postmasters, third
parties and employees.
You can contact GRO
transfer or use of personal data.
Learn More
Protecting Personal Data Polic\
if you have any questions on concerns in regards to the access,
Maintaining accurate business records
At Post Office we generate a large volume of business records
each day. We are responsible for ensuring that the records in
our custody or control are maintained, retained and destroyed
in compliance with all legal and regulatory record keeping
requirements.
To manage business records properly, we must:
«= Comply with our records management policies and
retention schedules for all business records, paper or
electronic.
= Keep records for only as long as necessary for a legitimate
business purpose or legally required. Follow the retention
periods specified in the Records Retention Schedule, if
applicable, or as required by law.
= Where we receive a Legal Hold notice, follow all retention
instructions on the notice regardless of the retention
schedule or applicable law.
«= Cooperate with internal and external auditors.
o
Learn More
Document Retention Disposal Policy
Our Code of Business Conduct
Destruction of documents
subject to a Legal Hold
notice, even inadvertently,
could expose our company
and you to civil and criminal
liability. You should consult
the legal team if you have
specific questions about
documents referred to ina
Legal Hold notice.
Nov 2023 v11 23
POL00413502
POL00413502
Financial accuracy and integrity
At Post Office we are committed to accurate reporting expenditure limits and financial policies which directly
in our company’s books and records. apply to your role.
We are accountable for the accuracy and honesty of Our managers have an extra duty to ensure that their
business records, contracts and agreements that we teams manage budgets well and spend company
handle in the normal course of business. We never money carefully.
falsify, omit, misstate, alter or conceal any
information, or otherwise misrepresent the facts on a We are expected to:
company record or encourage or allow anyone else to
do so. * Understand and apply the finance and expense
policies that are relevant to our role.
All transactions, no matter what the amount, are to be * — Strive to find the best value when spending
properly authorised, executed and recorded.
company money.
Understand when we can and when we can’t
If you notice an inaccuracy in a company record, or a commit Post Office funds.
failure to follow our internal control processes, speak Purchase goods and services only through our
up and report it immediately. registered suppliers.
is directed, managed and controlled at all levels. The basis.
identification and mitigation of risk must be embedded
in all Post Office activities and is key to effective Our risk management processes must also align and
decision making. integrate with the delivery of our strategy and in such
a way that supports an enterprise-wide approach.
All material risks must be identified, measured, Risk management must follow a consistent,
Our Code of Business Conduct Nov 2023 v11 24
transparent and auditable methodology and
proactively recognise external factors, opportunities,
and uncertainties.
Learn More
Group Risk Policy
POL00413502
POL00413502
Managers are accountable for identifying, assessing,
owning and managing their risks as well as the
maintenance of the associated internal controls.
Protecting the Environment
We recognise that our business activities and policies have impacts on the environment. We shall take full account of
the environmental effects of our policies in our planning, decision making and day-to-day activities. We recognise
and value our unique position in society which ensues from:
Our heritage
Our brands
Our nationwide
coverage through our
branches
Protection of this unique position and maintaining positive stakeholder relationships are integral to our business and
we shall aim to clearly demonstrate that we are an environmentally responsible company.
We are committed to the principle of Sustainable Development. We will seek to contribute to national and local
sustainable development policy aims. By enhancing economies, acting with social responsibility and minimising our
impact on the environment we can help create a world in which our company can flourish now and for generations to
come.
At Post Office we:
« — Integrate environmental considerations into
business decisions to establish relevant
performance indicators along with key measures
and associated improvement targets.
«Develop and implement management frameworks
that ensures high standards of environmental
performance.
= Comply with all relevant environmental legislation
and regulations and endeavor to meet and exceed
appropriate environmental good practice
standards.
« Promote transparency by having clear
environmental accountabilities and publish
relevant information about our environmental
performance on an annual basis.
= Reduce consumption of materials in our
operations, reuse rather than dispose whenever
possible, and promote recycling and the use of
recycled materials.
= Promote the prudent use of fuel, energy, water,
Our Code of Business Conduct
raw materials and other resources, including
progressively increasing our use of renewable
energy sources.
« Minimise waste and discharges to surface or
ground water.
« Reduce wherever practicable the level of harmful
emissions from our vehicles, buildings and
equipment.
* Encourage the implementation by all employees
of sound environmental practices, providing
training where appropriate.
* To support the promotion of active environmental
management with relevant external groups and
organisations.
« Work with our suppliers to minimise the impact of
their operations through a partnership approach to
our purchasing policy and to develop, where
practical, new products and services, which seek
to achieve greater sustainability.
Nov 2023 v11 25
POL00413502
POL00413502
The Use of Social Media
While it is recognised that we are entitled to privacy in our personal life, Post Office is committed to maintaining
confidentiality and safety whilst also maintaining the reputation of Post Office by exhibiting acceptable behaviour at
all times.
Social media is a collective term for websites and applications which focus on communication, community-based
input, interaction, content-sharing and collaboration (this includes sites such as Twitter, Facebook, Linkedin as well as
YouTube, Flickr, Instagram, Snapchat, TikTok and other image and video sharing sites (not exhaustive)).
Personal use: Post Office understands that we may
wish to use our own devices such as mobile phones, to
access social media websites while we are at work, but
we should limit use so not to interfere with our working
day and should be limited to our allocated break times.
While using social media in a personal capacity and
not acting on behalf of Post Office it should still be
recognised that our actions can damage Post Office's
reputation. All communications we make in a personal
capacity must not:
« Make statements which cause, or may cause,
harm to our reputation or otherwise be prejudicial
to our interests.
= Use data obtained in the course of our
employment in anyway which breaches provisions
of the Data Protection Act 2018.
«Make disparaging or defamatory statements about
the company, our colleagues, customers,
postmasters or suppliers.
= Make comments that could be considered to be
bullying, harassment or discriminatory against an
individual.
« Respond ourselves to negative posts about Post
Office. We may come across negative or
disparaging about the Company or see third
parties trying to spark negative conversations.
Avoid the temptation to respond and instead let
those who are certified internally know and
respond if required, by reporting to
Use at work: We are able to access social media
sites from any Post Office device in connection with
work related activities, such as posting about our
services, upcoming events or publicising Post Office.
In doing so we must first gain permission for from our
GE Member and comply with the below:
Sometimes the internet seems to be full of
misinformation about Post office. Isn’t it my
responsibility to correct it?
No. If there is erroneous information
in public, you should report to
“GRO “land they will take
A co-worker posted a very offensive
comment about me on Facebook. Are they
allowed to do that?
No. Employee use of online social media
must comply with company policies, including
our Dignity at Work policies.
Communication with the Pucwe anu Counmmunses
Post Office is committed to providing accurate, clear, complete, and consistent information to the public. We must
not speak at public events or to journalists without prior authorisation.
Our Code of Business Conduct
Nov 2023 v11 26
POL00413502
POL00413502
We are not permitted to agree to an interview or external speaking engagement (business or personal) in which the
company will be discussed or referenced or publish any video or written content related to Post Office without the
support and approval of a member of the Communications team.
Where a journalist wishes to speak with someone from Post Office, this request should be put to our Press Office who
will decide whether it is appropriate to provide a comment to the journalist.
Should you be asked directly to make a comment about Post Office in a published form external to the business,
such as a newspaper, magazine, journ: i s direct the request to our
Press Office. They can be contacted o1
A local newspaper has contacted me about
a rumour which is circulating about Post
Office. Can I speak to them? I want to set
the record straight.
No, unless you are an authorised
representative you should not make a public
statement on behalf of the Company. You
should direct the request to the Press Office.
ABC Anti-bribery and corruption.
Bribe Giving or receiving anything of value in exchange for an improper decision or
action.
A term that refers to everything belonging to the Company, i.e., its money,
Company asset computer systems and software, electronic and communication devices,
photocopiers, Company vehicles etc.
Our Code of Business Conduct Nov 2023 v11 27
Conflicts of interest
Conversant
Discrimination
Employee
Family member
Facilitation payments and
kickbacks
Harassment and bullying
Retail Partners
Retaliation
Speaking up
Supplier
Our Code of Business Conduct
POL00413502
POL00413502
A situation where a person has competing interests or loyalties.
Confidential online and telephone service, allowing the user to raise a concern
about an actual or potential breach of the Code
Discrimination includes less favourable treatment based on age, gender, disability,
race, sexual orientation, religion of belief, gender reassignment, marriage of civil
partnership or pregnancy and maternity.
A person employed by Post Office under one of a variety of contracts. The term
covers all employees, whether full-time, part-time, fixed term or permanent.
A relative, by blood or by marriage (or similar informal relationship), notably a
spouse, live-in partner, parent, or child. The term includes sibling, step or adopted
child, stepparent, grandparent, uncle, aunt, cousin, grandchild or any relative who
has lived with you for the past 12 months or more
Small payments made to government officials to expedite or facilitate non-
discretionary actions or services, such as paying £10 to an official to seed up a
visa application. A kick back is a payment made to an individual in return for a
referral transaction or contact with another party
Unwanted behaviour from another person which is intimidating, malicious,
offensive, insulting, humiliating, or degrading. It may be related but not limited to
age, gender, sexual orientation, race, disability, religion, or belief, and can be
either a repeated or a one-off incident. It can be verbal, non-verbal, physical and
isn’t always face-to-face.
A third-party organisation that is not a legal entity or employee, with which Post
Office has established a formal business relationship via a Franchise.
Retaliation is when someone takes a negative action against a colleague for
exercising their rights under employment law. Post Office has zero tolerance for
retaliation.
Being accountable for concerns and issues that we spot by reporting or telling
someone.
Any vendor of products or services to the Company. The term also refers to any
supplier that our Company is actively considering using, even if no business
ultimately is awarded.
Nov 2023 v11 28