POL00447907
POL00447907
Code of business conduct
Last updated: July 2024
A message from
the Strategic
Executive Group
Welcome to the most important
document we have at Post Office our
Code of Business Conduct.
Our Code of Business Conduct (the “Code”) defines the expectations we have for
how we act and how we make decisions. It sets out our clear standards of conduct
to guide us to do what is right.
The way that we conduct business has never been more important which is
why we expect everyone at Post Office to follow our Code, advocate for others
to do the same, and feel empowered to speak up if you are ever in doubt or
have questions. As our Code explains, our Speak Up channels are here for you.
Remember, Post Office does not tolerate retaliation of any kind. We will always
listen to you. We expect leaders and managers to promote a culture where
colleagues feel free to ask questions and raise concerns when something doesn't
seem right.
Read and re-read our Code. It matters. Think about how it applies to your
work. Consider how your behaviours, actions and decisions may affect
others. Speak up when you have concerns and always do the right thing.
POL00447907
POL00447907
Post Office I Code of business conduct
Contents
Our code...
Why we have a code.....
Upholding the code...
Our culture
Making good decisions
Speaking up
Our colleagues...
Equity, diversity and inclusion..
Dignity at work...
Creating a safe and healthy work environment...
Avoiding conflicts of interest...
Our business...
Protecting Post Office information
Managing personal data properly
Maintaining accurate business records ..
Using social media..
Communicating with the public and journalists...
Preventing bribery and corruption...
Preventing financial crime..
Preventing modern slavery...
Working with suppliers...
Ensuring financial accuracy and integrity...
Managing risk......
Protecting the environment
POL00447907
POL00447907
Post Office I Code of business conduct
POL00447907
POL00447907
Our code
POL00447907
POL00447907
Why we have a code
What is the Code?
The Code is the centrepiece to our ethical culture.
It sets out what we stand for, the principles we
hold ourselves accountable to, and what we
expect from every single person working for and
with Post Office, helping us all make informed
decisions and good choices.
Sometimes, you might face a situation where the
right thing to do is not obvious. That is where
our Code and ethical decision-making framework
can help. The Code is always here as a guide to
preserving our reputation. While the Code cannot
answer every question, it can show you where to
go for guidance when the answer is not clear.
The code helps you to:
* Conduct yourself honestly and ethically.
+ Protect our reputation.
« Understand what Post Office expects
from you.
+ Make good decisions every day.
+ Comply with the laws, regulations and
standards that apply to our Company.
« Understand where to go for assistance
or guidance if you have any questions.
Who is the Code for?
Our Code is for everyone working for and
with Post Office. We expect our Postmasters,
business and retail partners and suppliers to
uphold the same standards.
What are the consequences of
not complying with the Code?
There are very serious consequences for not
complying with our Code which could result in
disciplinary action, up to and including dismissal
or termination of contract. If an act violates the
law, it could result in fines or criminal prosecution.
When do we review the code?
The Code will be reviewed every three years, but
we may modify the Code as necessary between
reviews. Any modifications will be approved by
the Post Office Board.
Post Office I Code of business conduct
nn TER
POL00447907
POL00447907
Upholding the code
Colleagues’ Responsibilities
+ Know and live the Code. Read it and follow
it, along with any other policies that apply to
your role.
Complete mandatory training within the
specified timelines.
Behave in an ethical manner. Use good
judgment, being honest and ethical in every
action and decision you take.
Follow the law. Understand and ensure
compliance with legal and regulatory
obligations that apply to your job and
our company.
Ask for help. When an answer is not clear,
ask for guidance before taking action.
Speak up. Prevent harm to our company and
its reputation by reporting concerns if you feel
a working practice is not ethical or safe or it
breaches the Code.
Managers’ Responsibilities
In addition to the responsibilities that we all
have as colleagues, managers must also:
+ Lead by example and model the Code.
Take personal responsibility for promoting and
reinforcing the principles and standards set out
in the Code. Ensure team members know that
for results to matter, they must be achieved in
line with the Code. Be consistent in what you
say and do.
Ensure their team members, including new
joiners have read the Code and completed
mandatory training.
Be responsive and create a “speak up”
culture. Take seriously any concern raised
and never retaliate against someone who
raises a concern.
Take action. Take corrective or preventive
action when someone violates the Code.
Post Office I Code of business conduct
Our culture
At Post Office, our purpose is ‘We're here,
in person, for the people who rely on us’.
We envision a future of thriving communities
throughout the UK where nobody is left behind.
To help us achieve this, we have four immediate
outcomes that we must all focus on. They are:
Save to invest —- We will transform how we
operate and spend. All to create capacity and
invest more in reducing postmaster costs and
making local work.
Thriving partnerships — We will actively
develop existing partnerships and build new
ones with postmasters, strategic partners, and
commercial partners. All to create more value
for our postmasters and local communities.
Fuelled by digital —- We will grow our digital
capability and revenue and use digital to drive
better experiences through our customer
journeys, and particularly to enable easier and
faster in-branch transactions. All to create the
funding and footfall to make local work.
Create new confidence — We will develop our
capability, rebuild confidence, and rediscover
the joy of delivering as one Post Office.
POL00447907
POL00447907
Our culture is best described by our behaviours
which inform how we show up at work each day.
Our behaviours embody the shift in culture that
we all need to embrace as we work to achieve
our outcomes and ultimately our purpose.
Our behaviours are:
« Be curious — Ask the questions that you think
need to be asked, and push for the truth if you
ever think it is missing.
* Move it forward — Maintain momentum, keep
pushing things closer to completion, and be
demanding of others to do the same.
« Own the outcome - Take responsibility for the
issue and run with it until it is resolved.
+ Back each other — We're all in this together,
so embolden your colleagues and catch them
if they fall
Post Office I Code of business conduct
POL00447907
POL00447907
Making good decisions
Whilst the policies outlined in the Code provide clear guidance
on many decisions, it is not possible to cover every eventuality.
That is where the ethical-decision making framework, alongside
your owns skills and experience, can help you. Demonstrating
that you have followed the ethical-decision making framework
when making a decision protects you and Post Office.
If you have witnessed a decision that does not follow the
framework, then you should follow the guidance in the
Speaking Up part of the Code.
en faced with a decision, ask yourself the following question
FS I ap
Would I be happy
sae Have I sought out, fo exclaln sis
‘Am I acting with decision to relevant
: listened to and
integrity, fairness, ee as, stakeholders,
colleagues,
perspectives into
Postmasters,
account?
Have I actively
demonstrated Post Is itlegal? and thinking
Office behaviours?
inclusively?
customers,
YES allof
these questions
*Who might be an ‘appropriate person’ to provide further guidance?
Consider contacting the Central Risk, Legal, Compliance, CoSec teams or your People Partner.
Post Office I Code of business conduct
Speaking up
To help us build the Post Office of the future we
are committed to doing things correctly and we
want you to always raise issues and concerns
with us.
Noticing a problem and speaking up about
it helps us address issues quickly. This in
turn helps ensure that we can enhance Post
Office’s processes and controls and support our
Postmasters and the communities that we serve.
You must never ignore unethical or unprofessional
behaviour. We all have a responsibility to speak
up. If we witness or otherwise learn about the
company’s standards and reputation being put
at risk by unethical, unprofessional or even
criminal behaviour, we must report it. We don't
have to have all the facts or evidence available
to report a concern, the key element is to make
sure it is reported.
If you feel you cannot question or challenge
a colleague directly, we ask that you take the
following steps to raise issues of concerns:
1. Report the issue or concern to your
line manager
2. If you are not comfortable discussing the issue
or concern with your line manager, report the
issue or concern to another manager
3. If you are not comfortable discussing the
issue or concern with any manager, report
the issue or concern confidentially via
for through
the external speak up service provided by
Convercent by calling
the website speakup.postoffice.co.uk
speakupl
When you raise an issue or concern via Speak
Up, the Speak Up team will decide whether to
handle the concern through management action
or investigation. There is Board level oversight of
Speak Up activity with the Speak Up champion
being a non-executive director - Amanda Burton.
POL00447907
POL00447907
No retaliation
It takes courage to speak up when something's
not right. We understand that you might be
uncomfortable or anxious. That is why we do not
tolerate retaliation of any kind.
We do not tolerate retaliation for:
+ Refusing to do something that violates our
Code, policies or the law.
+ Raising a concern in good faith about
potential misconduct.
* Cooperating with an investigation.
Examples of retaliation might include demotion,
dismissal, a reduced salary, job reassignment,
threats, harassment, or any other action taken
against someone because they raised a concern,
participated in an investigation, or attempted to
deter someone from violating our Code.
A concern raised honestly even if it turns out to
be unfounded is never an excuse for any kind of
retaliation.
We will take action, typically disciplinary action,
against any individual who threatens or retaliates
against individuals who have raised their concerns.
Learn more
Speaking Up Policy
Post Office I Code of business conduct
POL00447907
POL00447907
Our colleagues
POL00447907
POL00447907
Equity, diversity and inclusion
We celebrate equity, diversity and inclusion at
Post Office and strive to build a workplace in
which all colleagues feel a sense of belonging and
are valued for who they are and the differences
they bring.
We are committed to building an equitable,
diverse and inclusive workplace and pursue
equality of opportunity and inclusion for
all colleagues through our recruitment and
employment policies and practices.
Embracing equity, diversity and inclusion
means we must:
« Uphold the law regarding human rights
and equality.
+ Comply with our Equity, Diversity & Inclusion
and Dignity at Work policies.
+ Strive to promote fairness and equality of
opportunity for employment and promotion
based on merit.
+ Not tolerate discrimination or harassment on
any grounds.
+ Encourage a range of ideas, opinions, and ways
of thinking.
+ Not engage in behaviours that discriminate or
isolate individuals or groups.
+ Consider the physical, mental, and emotional
well-being of all colleagues by educating
ourselves on inclusion and diversity.
Dignity at work
Post Office is committed to protecting the
dignity of colleagues at work and we expect
all colleagues to treat each other with dignity,
courtesy, and respect at all times.
We are fully committed to sustaining a safe,
positive, and mutually supportive working
environment that is free from discrimination,
bullying, harassment, and victimisation, where
colleagues can work collaboratively and
productively together, and where all colleagues
are equally valued and respected.
Post Office does not tolerate any form of
discrimination, bullying, harassment or
victimisation. We are committed to taking the
necessary action to ensure that they do not occur,
or where they do occur that they are dealt with
and eliminated.
Learn more
Equality, Diversity and Inclusion Policy
Dignity at Work Policy
Inclusion Playbook
We must:
+ Set a good example through our own
behaviours and challenge unacceptable
behaviour at the earliest possible opportunity.
+ Raise any concerns or issues about
discrimination, bullying, harassment,
or victimisation in good faith and in an
appropriate and timely way to the appropriate
person.
« Respect employees whose abilities, beliefs,
religion, cultures, race, sexual identity or other
characteristics are different from their own.
+ Be open and honest in dealings with others
and respect confidentiality.
+ Challenge unacceptable behaviour in a way
which is consistent with our behaviours and
where possible take steps to put an end to it
without delay.
Post Office I Code of business conduct
POL00447907
POL00447907
Creating a safe and healthy
work environment
Post Office is committed to providing a working environment Post C
which promotes and maintains the health, safety, and
wellbeing of its employees.
\FFice
JTNCE
Post Offices ‘duty of care’ towards employees, including
managing and safeguarding the physical and psychological
wellbeing of our employees.
Whether working in an office, branch, depot, at home,
commuting to work or out in the field your safety and
wellbeing is important to us. We will aim to comply with
all applicable legislation and regulations and aim to
continuously improve health and safety performance.
We expect everyone at Post Office to behave in a safe
and responsible manner at all times.
Everyone at Post Office has a role to play and we must:
+ Follow health and safety policies, + Promote a culture where all health and
risk assessments, standards, wellbeing issues can be discussed openly
procedures, laws, and regulations. in a supportive way and an environment
which is conducive to employees engaging
+ Not behave in a way that might put . .
with each other on wellbeing.
ourselves or others in danger.
« Prevent, so far as it is reasonably
practicable, those circumstances
detrimental to health and wellbeing.
+ Make sure we know what to do if an
emergency occurs in the workplace.
« If safe to do so without risking own
safety, intervene when we think
someone's safety is at risk.
« Raise concerns with their line manager or
Employee Assistance Programme (EAP) when
factors are impacting their wellbeing so that
+ Promptly report any actual or near miss appropriate support can be put in place.
accident or injury or unsafe conditions,
so that corrective or preventative
measures can be put in place.
+ Take personal responsibility for own
wellbeing and signpost colleagues
to appropriate support services.
* Complete mandatory and role specific Health
and Safety training in the specified timescales. + Understand any necessary adjustments
their colleagues are receiving as a
+ Never work under the influence result of their health and wellbeing.
of drugs or alcohol.
If driving for work, drive safely and legally.
+ Promote a positive attitude to Learn more
health and wellbeing. Health and Safety Policy
+ Familiarise themselves with policies, Health and Wellbeing Policy
guidance and how to access support Alcohol and Drugs Policy
services including Occupational Health and Physical Security Policy
Employee Assistance Programme (EAP).
Post Office I Code of business conduct 12
POL00447907
POL00447907
Avoiding conflicts of interest
Conflicts of interest can arise when our
personal relationships or financial interests
overlap with our responsibilities at work. If we
don't navigate potential conflicts of interest
carefully, these situations can impact the
decisions we make, erode trust within teams,
and harm Post Office's reputation.
In business, the line between personal and
professional interests can become easily blurred
and separating the two can be challenging,
especially when personal relationships, outside
employment or investments are involved.
We are all expected to act in the best interest of
the company. This means we must never allow
our personal interests to influence our actions on
behalf of Post Office. Every decision we make at
work should be objective and with the company’s
business interests in mind.
Learn more
Conflicts of Interest Policy
We must:
+ Disclose to our line managers any conflict
or potential conflict of interest which arises
including any family member or close working
relationship at Post Office.
+ Disclose any work for other organisations
which conflicts or poses a potential conflict
with Post Office's business interests.
+ Not use our position for private advantage.
+ Not allow a personal relationship or financial
interest in another company to influence
decisions we make in our job.
+ Not take an active part in hiring/promoting
family members.
+ Not procure services from family members.
+ Not promote personal political activity as being
connected to Post Office.
When considering a potential conflict of interest
imagine explaining your actions to a friend,
colleague, or the media and use the ethical
decision-making framework.
Post Office I Code of business conduct
13
POL00447907
POL00447907
Our business
POL00447907
POL00447907
Protecting Post Office information
Information is one of Post Office’s most valuable
business assets. Post Office is committed to
safeguarding and protecting our information and
any other information entrusted to us.
Information within Post Office is held in
many different formats, including on paper,
electronically in documents or in IT applications
and systems. Our requirements to protect
information apply to all formats.
Post Office has an Information Classification
Standard which defines how information
within the Post office should be classified,
handled and protected.
When we are handling Post Office's
information, we must:
+ Familiarise ourselves with all information
handling policies and complete any mandatory
training in the specified timeframe.
+ Understand the nature and classification of
the information, as defined in the Information
Classification Standard; understand and
adhere to the handling requirements detailed in
the Cyber and Information Security Policy; and
take personal responsibility for the proper use,
circulation, retention, protection and disposal
of Post Office’s information.
* Not disclose confidential information to a third
party unless there is an approved purpose.
+ Not share confidential information internally
beyond those who need it for their job. Take
care not to disclose information in public
places, including taking all necessary steps to
protect information in documents and on IT
devices away from the workplace.
+ Not forward emails containing non-public Post
Office information to personal email accounts.
+ Not store or synchronise Post Office
information onto personal devices, without
appropriate measures.
+ Not take any Post Office confidential
information if we leave the company. Any work
carried out during employment will remain the
intellectual property of Post Office and must
not be deleted or destroyed upon leaving.
* Immediately report events which could
impact the security of Post Office
information by following the information
security reporting procedures.
The security of our information and IT systems
is critical. Many of us will have access to Post
Office systems, information and devices such as
laptops and mobile phones. It’s important that
anyone who accesses them knows how to keep
them secure by following the requirements in the
Cyber and Information Security policy.
Post Office I Code of business conduct
15
To help protect our systems and information,
you should:
+ Ensure Post office equipment is used
appropriately and protected from damage,
loss and theft.
+ Immediately report to the IT Service Desk the
loss or theft of any Post Office equipment.
« Use a password or pin to lock unattended Post
office equipment. Use complex passwords to
protect your access.
+ Ensure any removable Post Office IT
equipment is secured when left in the office
overnight, is locked away or put out of sight
when left unattended at home, in a hotel, or
in a vehicle. When travelling, keep equipment
with you.
« Follow the appropriate IT request process to
install any software applications on your Post
Office equipment.
« Only use approved data storage areas, such as
One Drive. Don't use a personal email service
for Post Office communications, such as
Gmail or Yahoo mail or sign up for public cloud
storage services which have not been procured
by Post Office.
« Use your personal IT equipment in line with
the Bring your own Device (BYOD) Standard
to undertake Post Office business.
POL00447907
POL00447907
You must not:
+ Try to disable, defeat or circumvent Post
Office security controls, including but not
limited to firewalls, browser configuration,
privileged access, anti-virus and the deletion
of system logs.
+ Use Post Office systems or equipment to
intentionally access, store, send, post or
publish material that is:
- Pornographic, sexually explicit, indecent
or obscene, or
- Promotes violence, hatred, terrorism or
intolerance.
« Run or engage in any form of private business
using Post Office IT equipment.
+ Procure new product and services without
going through the formal procurement process,
to reduce ‘shadow IT’.
« Open emails when you don’t know who they
are from and click on unknown links and
attachments in emails.
+ Use your Post Office password for non- Post
Office IT Systems.
« Use your Post Office email address for non-
business-related websites or online activity.
« Share your Post Office access passwords/pins
with anyone else, including work colleagues.
+ Access Post Office Systems or Information
after leaving Post Office employment.
If you become aware of any information security
issues or incidents, you should always report
it through the Service Desk primarily through
ServiceNow or alternatively you can contact them
i In the event it is not possible
to reach the service desk through the above you
Learn more
Cyber and Information Security Policy
Post Office I Code of business conduct
POL00447907
POL00447907
Managing personal data properly
When customers, postmasters, retailers or third
parties do business with us, they entrust us with
personal data. Our colleagues do the same when
they join the company. We take our responsibility
and obligations seriously to collect, use and
process any personal data only for legitimate
business purposes and protect it from possible
loss, misuse or disclosure.
All colleagues work with personal data as
part of their jobs — this could be user account
information, sensitive health data or simply
colleague email addresses. Guard this data well
by following the Company policies regarding the
storage, access, transfer and use of this data.
You must:
« Familiarise yourself with and follow company
policies regarding the access, transfer and use
of personal data.
+ Complete mandatory Data Protection training
in the specified timeframe.
+ Promptly report incidents involving personal
data following the appropriate process.
+ Provide assistance to the Information Rights
team with any requests relating to individual
rights or Freedom of Information requests.
* Only collect data that is adequate and relevant
and use it solely for the purpose for which it is
collected.
+ Be transparent with individuals in relation to
how their personal data is used in alignment
with Post Office privacy notices.
+ Keep personal data up to date, correcting
inaccurate data when requested and
respecting individual legal rights.
+ Keep personal data confidential and secure
with appropriate safeguards.
+ Act responsibly and ethically, always
considering the risk to individuals in using
their personal data and take steps to mitigate
such risk.
When collecting, using or storing personal data,
colleagues must not:
+ Retain personal data for longer than necessar
to achieve the business objective or meet
minimum legal requirements.
+ Use personal data for any new purposes
without talking to the Data Protection team.
* Contact data.protection!
y
you have any questions on concerns regarding
the access, transfer or use of personal data.
Learn more
Protecting Personal Data Policy
Post Office I Code of business conduct
POL00447907
POL00447907
At Post Office we generate a large volume of + Keep records for only as long as necessary
business records each day. We are responsible for a legitimate business purpose or legally
for ensuring that the records in our custody or required. Follow the retention periods
control are maintained, retained and destroyed specified in the Records Retention Schedule, if
in compliance with all legal and regulatory record applicable, or as required by law.
keeping requirements. + Where we receive a Legal Hold notice,
To manage business records properly, we must: follow all retention instructions on the notice
regardless of the retention schedule
« Comply with our records management policies ‘s
or applicable law.
and retention schedules for all business
records, paper or electronic. * Cooperate with internal and external auditors.
Post Office
Using social media
While it is recognised that we are entitled
to privacy in our personal life, Post Office is
committed to maintaining confidentiality and
safety whilst also maintaining the reputation of
Post Office by exhibiting acceptable behaviour
at all times.
Social media is a collective term for websites
and applications which focus on communication,
community-based input, interaction, content-
sharing and collaboration (this includes sites
such as Twitter, Facebook, LinkedIn as well
as YouTube, Flickr, Instagram, Snapchat,
TikTok and other image and video sharing
sites (not exhaustive).
Personal use: Post Office understands that we
may wish to use our own devices such as mobile
phones, to access social media websites while
we are at work, but we should limit use so not
to interfere with our working day and should be
limited to our allocated break times.
While using social media in a personal capacity
and not acting on behalf of Post Office it should
still be recognised that our actions can damage
Post Office’s reputation. All communications we
make in a personal capacity must not:
+ Make statements which cause, or may cause,
harm to our reputation or otherwise be
prejudicial to our interests.
+ Use data obtained in the course of our
employment in anyway which breaches
provisions of the Data Protection Act 2018.
+ Make disparaging or defamatory statements
about the company, our colleagues, customers,
postmasters or suppliers.
+ Make comments that could be considered
to be bullying, harassment or discriminatory
against an individual.
« Respond to negative posts about Post
Office. We may come across negative
or disparaging about the Company or
see third parties trying to spark negative
conversations. Avoid the temptation to
respond and instead let the Social Media
team internally know and respond if required,
by reporting t ni
POL00447907
POL00447907
Use at work
We are able to access social media sites
from any Post Office device in connection
with work related activities, such as posting
about our services, upcoming events or
publicising Post Office. In doing so we
must first gain permission for from our SEG
Member and comply with the below:
+ Post Office brands or logos are not used
or alter i ior permission from
+ Do not create any social media accounts
whether for your Product Category, Area,
Region, Department, Depot wi i
permission from socia _
+ Copyright and fair usage laws and restrictions
are respected and observed.
+ Must not disclose any intellectual property,
confidential or commercially sensitive
information relating to the company.
+ Do not respond to negative post about
report these to
Post Office I Code of business conduct
19
POL00447907
POL00447907
Communicating with the
public and journalists
Post Office is committed to providing accurate, clear, complete,
and consistent information to the public.
We are not permitted to agree to an interview with a journalist;
share material with a journalist; participate at an external speaking
engagement (business or personal) in which the company will be
discussed or referenced; or publish any video or written content
related to Post Office without the support and approval of the
press office or a member of the wider Communications team.
Should you be asked directly to make a comment about Post Office
in a published form external to the business, such as a newspaper,
magazine, journal, radio, television or a website, you must always
direct th st to Pi Office. Th be contacted on
Preventing bribery and corruption
At Post Office, we have a zero-tolerance ! > offered gifts
policy regarding bribery and corruption as this
goes against fundamental values of integrity,
transparency and accountability and undermines
the Group's effectiveness. The consequences of
violating bribery laws can be severe — for you and
for the Company.
We conduct business using ethical practices only.
Bribes come in many forms, and they are not
always obvious. Any offer of items of value
that may inappropriately influence or secure an
improper advantage can be considered a bribe.
A gift, the promise of a job, the offer of a trip, a
charitable contribution, could all be considered
bribes if offered in exchange for any decision or
favourable treatment.
We responsibly invest in our business
relationships but never offer or accept gifts,
hospitality or entertainment or anything
else of value to improperly influence people.
An overly generous gift can pressure the
recipient to return the favour or feel indebted
Gifts and hospitality must have a demonstrable to the giver and create a conflict of interest
link with a legitimate business purpose, the value or perception of a conflict of interest.
must be justifiable and proportionate for the roles
and relationship with the client and they must be
defensible under potential public scrutiny.
Post Office I Code of business conduct 20
Gifts
Gifts costing £25 or less do not need to be
reported and approved. All gifts of £25 and over
which are received or offered must be recorded
using the Gifts and Hospitality tool, whether
accepted or declined by the receiver
Gifts exchanged with external third parties
should ordinarily be under £150 per person
in value (and must also be approved by your
SEG Member).
Hospitality and Entertainment
Hospitality should be reasonable (not lavish or
extravagant), proportionate to its purpose and
must ordinarily be below £200 per person in
value (if over £200 it must also be approved by
your SEG member).
The number of attendees on both sides should be
limited to those whose presence is necessary to
progress the business in hand.
Small offers of hospitality such as tea, coffee or
sandwiches do not need to be recorded via the
gifts and hospitality tool, but the recipient details
must be recorded fully on the expenses claim via
the Selenity Expense Reporting Tool.
POL00447907
POL00447907
We must:
+ Familiarise ourselves with and follow the Anti-
bribery and Corruption policy and procedures.
+ Always make clear, internally and when dealing
with third parties, that Post Office has a zero-
tolerance approach to bribery and corruption
and will not (directly or indirectly) offer, pay,
seek or accept a payment, gift or favour to
improperly influence a business outcome.
+ Apply this code in good faith to ensure gifts
and hospitality are never considered to be
excessive, confer improper advantage or create
an actual or perceived conflict of interest.
+ Familiarise and observe monetary limits that
Post Office has set separately for gifts and
hospitality.
Ensure all gifts and hospitality are reported
and approved, prior to the offer or acceptance.
« Never accept cash or cash equivalent
(e.g., Gift Cards).
+ Not offer or accept any gifts or hospitality if the
third party or Post Office is currently or about
to tender for a contract for services involving
the other party.
+ Not ask for or accept sporting or charitable
sponsorship from an organisation that has (or
is seeking) a contract to supply the company
or is in competition with it. You must declare to
your manager any plan to accept sponsorship
and ask if there is any conflict.
+ Immediately notify our line manager if we
become aware of any suggested or actual
payment or other transaction which has the
potential to be in breach of the Anti- Bribery
and Corruption Policy.
+* Complete mandatory Anti-Bribery and
Corruption training in the specified timeframe.
Learn more
Anti-bribery and Corruption Policy
Gifts and Hospitality Reporting Tool
Post Office I Code of business conduct
21
POL00447907
POL00447907
Preventing financial crime
At Post Office we are committed to conducting
business in a way that prevents the use of our
product, services and business transactions
by those who might abuse them, and we all
have a responsibility to ensure that the highest
standards of financial crime prevention, detection
and management are maintained.
Failure to manage Financial Crime risks and
incidents appropriately could have serious
consequences for Post Office including financial
loss, customer impact, regulatory breaches, fines,
prosecution, prevention from selling a particular
product, loss of existing or future contracts/
relationships and damage to reputation.
Financial Crime is any offence involving: fraud
or dishonesty, misconduct in, or misuse of
information or handling the proceeds of crime.
It can be internal (by individuals within Post
Office) or external (by criminals using Post Office
to facilitate financial crime). Financial Crime
is commonly considered as including one or a
combination of the following offences:
° Fraud
* Cybercrime
¢ Bribery and corruption
+ Tax evasion facilitation
« Information security breaches
* Terrorist financing
+ Money laundering
Post Office has a range of approved
policies, business procedures and controls
designed to prevent activities that could
facilitate financial crime, and it is important
you always follow these.
Money laundering is the process criminals use
to conceal, disguise, and dispose of money and
assets obtained from criminal activity, such as
terrorism, drug dealing, tax evasion, human
trafficking and fraud, and change them into clean
money or assets that have no obvious link to their
criminal origins.
}
We must:
+ Familiarise ourselves with and follow all Post
Office policies.
+ Understand and follow procedures and internal
controls that are designed to prevent financial
crime or money laundering.
+ Be proactive when it comes to spotting
behaviour or transactions that might signal a
problem and ensure we report our concerns
as soon as possible. Suspicions of money
laundering should be reported to Grapevine on
+ Complete mandatory Anti-Money Laundering
and Counter Terrorist Financing training in the
specified timeframe.
Learn more
Anti-Money Laundering and Counter Terrorist
Financial Crime Policy
Speaking Up Policy
Post Office I Code of business conduct
22
POL00447907
POL00447907
Preventing modern slavery
Modern slavery is a complex crime that takes
several different forms and amounts to a
violation of fundamental human rights, such as
slavery, servitude, forced or compulsory labour
and human trafficking. All of these acts deprive
a person's liberty in order to exploit them for
personal or commercial gain. There is no typical
victim and some victims do not understand that
they have been exploited and are entitled to help
and support
Post Office is committed to
acting ethically and with integrity
in all our business dealings and
relationships and to implementing
and enforcing the systems and
controls set out in our Modern
Slavery Statement with the
aim of ensuring that modern
slavery is not taking place
anywhere in our own business
or in any of our supply chains.
Many of the key modern slavery offences are
committed if a person or company knew or ought
to have known that an offence was taking place.
It is therefore vital that we all keep our eyes
open to the possibility that such practices might
be taking place. The prevention, detection and
reporting of modern slavery in any part of our
business or supply chains is the responsibility of
all Post Office employees at all levels.
We must:
+ Read our Post Office Modern Slavery
statement.
+ Complete the mandatory Modern Slavery and
Human Trafficking training in the specified
timeframe.
+ Use the confidential Speak Up service if you
have any concerns about the issues raised
in the statement or if you think you have
identified signs of modern slavery within our
business or supply chains.
Learn more
Modern Slavery Statement
Post Office I Code of business conduct
23
POL00447907
POL00447907
Working with suppliers
As a Contracting Authority governed by
public law, we are committed to ensuring
that we deliver value for money through our
contracts with suppliers. We are subject
to the Public Contract Regulations (PCR)
2015, which mandate the processes we must
follow, from the initial supplier engagement
through to sourcing competitions and contract
award. These processes are designed to:
* Be fair, open and transparent.
+ Deliver value for money and innovation.
« Ensure equal treatment and transparency
with all suppliers.
+ Ensure contracts are awarded fairly.
We must ensure that our commercial activity is
compliant with the legislation and demonstrates
our commitment to best practice.
Maintaining our reputation for ethical business
integrity is absolutely vital and we must also
ensure that we partner with suitable suppliers
who will align with our Code.
If you work with suppliers, you must:
+ Complete the Procurement online
training module.
+ Consult with the Procurement team for advice,
and to ensure that processes are followed.
« Familiarise yourself with the Procurement
Policy, Purchasing Process, and the associated
procedures on our Hub page.
+ Ensure there is no commitment or contractual
engagement with Suppliers until they are
onboarded correctly, which includes accepting
the Supplier Code of Conduct and other
guidance documents.
Once a Supplier has been selected and a contract
is in place, you must:
+ Ensure that Purchasing process is followed to
ensure that orders are raised and managed
so that we are only paying for the goods or
services that we have received.
« Ensure that contracts are managed effectively
in line with Contract Management Framework.
+ Notify your Line Manager and the Procurement
team if they know of, or suspect, that third
party suppliers are not meeting requirements,
or if they are performing contrary to the agreed
contractual terms.
Learn more
Procurement Policy
Purchasing Process
Contract Execution Policy
Supplier Code of Conduct
Post Office I Code of business conduct
24
POL00447907
POL00447907
Ensuring financial accuracy
and integrity
At Post Office we are committed to accurate
reporting in our Group's books and records.
We are accountable for the accuracy and honesty
of business records, contracts and agreements that
we handle in any business activity. We never falsify,
omit, mis-state, alter or conceal any information,
or otherwise misrepresent the facts on a company
record or encourage or allow anyone else to do so.
Alltransactions, no matter what the amount, are to
be properly authorised, executed and accounted for in
line with International Reporting Standards and Post
Office's internal accounting policies.
If you notice an inaccuracy in a Group record, a
failure to following financial accounting policies or
our internal control processes, speak up and report
it immediately.
You should only ever spend company money where
there is a legitimate business need and where the
cost is worth the benefit. You should know the local
expenditure limits and the Groups Procurement
policy which directly apply to your role.
Our managers have an extra duty to ensure that
their teams manage budgets well and spend
company money carefully and in line with approved
limits.
We are expected to:
« Understand and apply the finance and expense
policies that are relevant to our role.
Strive to find the best value when spending
company money.
+ Understand when we can and when we can't
commit Post Office funds.
+ Purchase goods and services only through our
registered suppliers.
Managing risk
Our risk management processes align and integrate
with the delivery of our strategy and in such a way
that supports an enterprise-wide approach. We
must follow a consistent, transparent, and auditable
methodology and proactively recognise and respond
to external factors, opportunities, and uncertainties.
We do this by our:
Risk Policy — An established set of minimum operating
standards relating to enterprise risk management
throughout Post Office. Compliance with our policy
supports Post Office in meeting its business objectives
and balances the needs of our shareholders,
Postmasters, employees, and stakeholders,
Risk Management Framework — designed to
ensure risks throughout the business are identified,
assessed, and effectively managed, at all levels.
Our framework incorporates four core elements;
identify, assess, respond, and monitor.
Risk Appetite and Tolerance — Our risk appetite
statements set a clear and concise set of
statements against our corporate risk appetite
scale, an important component of our control
environment and provides key input to strategic
decision making. This scale has several risk
acceptance levels, ranging from (averse) avoiding
nearly all risks where at all possible to, we will take
risks, and accept the possibility of failure (open).
Risk tolerance was introduced to support the
management of risks for an agreed period, where
we may need to tolerate more risk due to funding/
resource/programme constraints.
Learn more
Group Risk Policy
Post Office I Code of business conduct
25
POL00447907
POL00447907
Protecting the environment
We recognise that our business activities and
policies have an impact on the environment. We
shall take account of the environmental effects of
our policies in our planning, decision making and
day-to-day activities. We will formally manage
and mitigate environmental and climate risk as
part of our risk framework.
We will seek to contribute to national and
local sustainable development policy aims.
By enhancing economies, acting with social
responsibility and minimising our impact on
the environment we can help create a world in
which our company can flourish now and for
generations to come.
At Post Office we:
« Integrate environmental considerations
into business decisions to establish relevant
performance indicators along with key
measures and associated improvement targets.
+ Develop and implement management
frameworks that ensures high standards of
environmental performance.
* Comply with all relevant environmental
legislation and regulations and endeavour to
meet and exceed appropriate environmental
good practice standards.
+ Promote transparency by having clear
environmental accountabilities and publish
relevant information about our environmental
performance on an annual basis.
Reduce consumption of materials in our
operations, reuse rather than dispose
whenever possible, and promote recycling
and the use of recycled materials.
Promote the prudent use of fuel, energy, water,
raw materials and other resources, including
progressively increasing our use of renewable
energy sources.
Minimise waste and discharges to surface or
ground water.
Reduce wherever practicable the level of
harmful emissions from our vehicles, buildings
and equipment.
Encourage the implementation of sound
environmental practices, providing training for
colleagues where appropriate.
Support the promotion of active environmental
management with relevant external groups
and organisations.
Work with our suppliers to minimise the
impact of their operations through a
partnership approach to our purchasing
policy and to develop, where practical, new
products and services, which seek to achieve
greater sustainability.
Undertake Climate Scenario Analysis to
evaluate climate risk on business and supplier
operations and identify opportunities to
influence future business strategy and policy.
Post Office I Code of business conduct
26
POL00447907
POL00447907