POL00447997
POL00447997
Group policy
Version 9.0
POL00447997
POL00447997
1.4 Application...
1.5 Legislation......
1.6 How to ‘Speak Up’.
1.7 External Disclosures.
1.8 Protecting the Speak Up Reporter (Your Legal Rights).
1.9 The Speak Up Champion and Management Reports.........
1.10 Responding to Speak Up Reports.
1.11 Other Contact Details...
2 Risk appetite and required operational standarde.........
2.1 Risk appetite......
2.2 Policy framework...... sees
2.3 Policy Required Operational Standards...............:.::ceeeeeees
3 Where to go for hel,
3.1 Additional policie:
3.2 How to raise a concern.
3.3 Who to contact for more information............:.:+
4 Governance.
4.1 Governance responsil
5 Definitions...
5.1 Definitions...
6 Document control...
6.1 Document control record.....
6.2 Oversight committee: Risk and Compliance Committee / Audit and Risk Committee.
5.3. Company details...
INTERNAL and EXTERNAL — Group Policy Speak Up_May24
Page 2 of 15
POL00447997
POL00447997
1 Overview
1.1 Introduction by the standard owner
The Director of Assurance & Complex Investigations is the Policy Owner and, together with the
Group Legal Director, has overall accountability to the Board of Directors to oversee that a Speak
Up culture is proactively encouraged throughout Post Office Ltd (POL) and the current
arrangements are challenged and assessed for areas of continuous improvement. They are
accountable for the implementation of controls ensuring POL meets Speak Up obligations. Speak
Up is a standing agenda item for the Audit and Risk Committee.
1.2 Purpose
The Policy has been established to set the minimum operating standards relating to the management
of Speak Up throughout the Group and risks throught Post Office.
It is one of a set of policies which provide a clear risk and governance framework and an effective
system of internal control for the management of risk across Post Office. Compliance with these
policies supports the Post Office in meeting its business objectives and to balance the needs of
shareholders, employees, and other stakeholders.
1.3 Core principles
‘Speak Up’ is POL’s whistleblowing service, enabling individuals to raise concerns in confidence
(and anonymously if preferred). POL encourages speaking up and raising concerns or identify
wrongdoing. It is the right thing to do for our colleagues and Postmasters and helps protect our
reputation. We commit to proving appropriate protections to Speak Up Reporters. The
governance arrangements described in this Policy are based upon the following core principles:
e POL will treat Speak Up disclosures consistently, fairly, appropriately, and professionally
and afford the protections from the Public Interest Disclosure Act 1988; Reporters raising a
genuine concern will be protected from reprisals, even if they turn out to be mistaken;
e Encourage the reporting of any concerns as soon as possible in the knowledge that POL
will take all concerns raised seriously and investigate them fully. Concerns will be kept
confidential and disclosed only on a ‘need to know’ basis;
e The Speak up team will seek to not reveal a Reporters’ identity outside of the team without
the prior agreement of the Reporter. However, there may be occasions when details need
to be shared, where there is a risk of harm to the reporter or others, or where we need to do
so for legal or regulatory reasons, or are required to disclose documents to the Post Office
Horizon IT Inquiry;
e POL will actively promote and publicise how staff can raise those concerns;
e« That POL will provide a training and awareness program to ensure all employees are
aware of the Speak Up policy and procedure.
If you need further information about this Policy or wish to report an issue in relation to this Policy,
please contact the Policy Sponsor or Policy Owner.
Definitions
in this Policy “Post Office” means Post Office Limited and any wholly owned subsidiary
INTERNAL and EXTERNAL Group Policy Speak Up_May24
Page 3 of 15
POL00447997
POL00447997
“Employee” and “Staff? means an individual who has entered into or works under (or, where the
employment has ceased, worked under) a contract of employment or any other relevant contract,
as defined in sections 230(2) and (3) of the Employment Rights Act 1996, with Post Office or the
Group or is defined as a “worker” under section 43K Employment Rights Act 1996.
“Post Office”, “POL” and “Group” mean Post Office Limited and any wholly owned subsidiary that
formally adopts this Policy.
“Speak Up” in the context of PIDA refers to the act of a person (the “Speak Up Reporter’) making
a disclosure that the Reporter reasonably believes is (a) in the public interest, and (b) regarding
past, present or likely future wrongdoing that falls into one or more of the following categories:
* criminal offences (this may include types of financial impropriety such as fraud)
+ failure to comply with an obligation set out in law (including regulatory breaches)
* miscarriages of justice
* endangering of someone's health and safety
+ damage to the environment
* covering up wrongdoing in the above categories
+ abreach of the POL’s policies and procedures
* behaviour that harms or is likely to harm the reputation or financial well-being of the POL
1.4 Application
This Policy is applicable to all Staff within the Group and outlines how POL will encourage, receive,
and investigate incidents of Speak Up and the protections provided for Staff Speak Up Reporters by
law and internal policies.
Procedurres for the Speak Up team who handle the reports and those within the A&Cl who
investigate matter arising from Speak Up report are set out in an internal doceument called — the
Investigator's Manual. This policy doesn to govern how Speak Up matter are investigated, that falls
under the Groups Invesitgations Policy in the same way as any other investigation conducted by
A&Cl.
In order to encourage reporting of possibel wrongdoing, POL will, where appropriate, and to the
extent possible, follow equivalent principles to encourage, receive and investigate Speak Up report
made by Postmasters (whether limited companies, partnerships, limited liability partnerships or
individuals), Postmaster's assistants, and members of the public.
Although covered by the principles of this policy, Postmasters and their assistants are not protected
under law to the same extent as POL staff. POL can extend confidentiality protection, but
employment protection can only extend to employees. However, a POL employee who subjects
anyone, which includes Postmaster’s and their staff to a form of retaliation to raising a Speak Up
mater, will be dealt with under POL’s conduct code.
1.5 Legislation
The Group seeks to comply with all relevant UK legal and regulatory requirements including (but
not limited to) the following legislation as amended or supplemented from time to time:
+ Employment Rights Act 1996
+ Public Interest Disclosure Act 1998
INTERNAL and EXTERNAL Group Policy Speak Up_May24
Page 4 of 15
POL00447997
POL00447997
1.6 How to ‘Speak Up’
POL supports and promotes a number of reporting mechanisms:
+ I The Speak Up Reporter's line manager
+ Contacting the “Speak Up” line, a confidential reporting service which is operated by an
independent company, Convercent, on behalf of POL
* Direct to the Speak Up Manager
* To a front-line team, e.g. Area Managers, customer complaints, Branch Support Centre and
Grapevine.
These may be verbal or written communications.
Information and contact details
Speak Up line:
* Telephone Number
+ http://speakup.postoffic
+ Email direct:
/ which is a secure on-line web portal
Any POL Staff who suspects that there is a breach of this Policy should report this without any
undue delay through any of the reporting mechanisms set out above or to the Speak Up Champion,
Non-Executive Director, Amanda Burton.
What information needs to be provided?
There is no definitive list of what should be reported to Speak Up. Although the Speak Up Reporter
is not required to provide evidence, they should be able to explain their concern, why they are
making the disclosure and any relevant background information they have. Reports can be made:
* openly,
+ confidentially -when the individual (or entity in the case of a limited company, partnership or
limited liability partnership) making the report gives their or its name and the person handling
the report will
try to respect confidentiality where possible (subject to exceptions described in paragraph 1.9,
or
* anonymously — reports made anonymously are taken seriously, however, POL encourages
open reporting as without certain details, it may not be possible to investigate a report as
thoroughly as would otherwise be the case and/or provide feedback on the progress or outcome
of the investigation.
Difference between Speak Up and other complaints
This Policy should not be used by Staff wishing to raise complaints relating to their own personal
circumstances, such as the way they have been treated at work. Speak Up reporting is a matter of
public interest that meets the definition of a Public Interest Disclosure set out in this Policy and
statute. Grievances and matters such as bullying and harassment or dissatisfaction with a
performance rating should be raised in accordance with the procedures set out in the appropriate
HR policy.
INTERNAL and EXTERNAL Group Policy Speak Up_May24
Page 5 of 15
The following table sets out examples of events
disclosure.
POL00447997
POL00447997
that might prompt the making of a Speak Up
Speak Up
Not Speak Up
Actions that put colleagues or customers health
and safety in danger - A branch manager
refuses to follow security procedures when
admitting visitors into the secure area of a
branch, putting staff at risk
A member of staff tells you they are being
constantly criticised by one particular manager.
The manager seems to pick on their work and
does so in front of others - — this is covered by
the Grievance Policy
Disclosure of a personal grievance may count
as a legitimate complaint if it is in the public
interest, for example on the grounds of racial,
sexual or disability discrimination - A staff
member complains that the branch manager
has made racist/discriminatory remarks to other
members of staff and members of the public.
You believe that you are not provided with
training and development opportunities because
of your age or sex — this is covered by the
Dignity at Work Policy
An individual identifies that an invoice from a
company has a company address that is the
home address of a company director or senior
manager, and they do not believe this is being
handled within Post Office Policy.
A manager believes they have been given an
unfair PDR assessment, and they are not happy
with the outcome of discussions with their line
Manager — this is covered by the Grievance
Policy
It is suspected that Post Office is breaching
legal or regulatory requirements and that this is
being covered up - A staff member reported to
their manager that the dates on the fire
extinguishers within the building have expired
but still no action has been taken.
A clerk complains that they feel they are being
bullied by their line manager - this is covered by
the Dignity at Work Policy
A staff member has noticed their line manager
changing the teams SLA results to show better
figures when reporting - This is potential fraud
as this could lead to the Post Office declaring
false figures
You are suspicious of a customer coming in to
purchase substantial amounts of foreign
currency on a regular basis — this is covered in
the Anti Money Laundering and Counter
Terrorist Financing Policy.
If an individual (or entity in the case of a limited company, partnership, or limited liability partnership)
is uncertain about whether something is within the scope of this Policy they or it should seek advice
from the Speak Up team, whose contact details are set out in this Policy. Where reports are made to
the Speak Up team that are not disclosures falling under the team’s remit, the reports will be sent to
an appropriate team in POL for consideration or the Reporter will be sign-posted by the Speak Up
team to the appropriate team e.g. a complaint about an end of year performance review will be
directed to the Grievance Policy unless there are PIDA-qualifying characteristics to the report.
1.7 External Disclosures
The aime of this Policy is to provide an internal mechanism for reporting, investigating, and
remedying possible wrongdoing in the workplace and to demonstrate POL’s commitment to listen
INTERNAL and EXTERNAL Group Policy Speak Up_May24
Page 6 of 15
POL00447997
POL00447997
to the concerns of Staff. In most cases Speak Up Reporters should not find it necessary to alert
anyone externally.
However, the law recognises that in some circumstances it may be appropriate for individuals to
report their concerns to an external body such as a regulator. It will rarely, if ever, be appropriate to
alert the media at least without informing POL or an external agency first and usually in that order.
Advice
We strongly encourage Speak Up Reporters to seek advice before reporting a concern to anyone
externally. The independent whistleblowing charity, Protect, have a list of prescribed regulators for
reporting certain types of concerns. Their contact details are as follows:
Helpline:;
Website: www.protect-advice.org.uk
Protect operates free, confidential advice to people concerned about crime, danger or wrongdoing
in the workplace. All Protect advisors are legally trained and supervised by qualified lawyers and
their advice is fully confidential and subject to legal privilege. All information, including emails, or
records of telephone calls, letters, or any other form of communication with Protect advisors is
stored in a fully encrypted format.
Advice may also be sought from:
+ the Government (general guidance is available on www.gov.uk/whistleblowing);
* Trade Unions; and/or
+ Advisory, Conciliation and Arbitration Service (ACAS) (www.acas.org.uk)
+ Advice may be sought which would, among things, assist Speak Up Reporters to verify the
position that a personal grievance is not generally regarded as a protected disclosure.
Disclosures to the FCA or PRA
Post Office Management Services (POMS) is directly regulated by the Financial Conduct Authority
(FCA), and Post Office Limited is an appointed representative of Bank of Ireland (UK) Limited
which is authorised by the Prudential Regulation Authority (PRA). As such individuals may decide
to report concerns directly to the FCA or PRA and can do so by using one of the following channels.
Body Contact details
FCA’s
Whistleblowing
Service Website: www.fca.org.uk/site-info/contact/whistleblowing
Address: Intelligence Department (Ref PIDA), Financial Conduct Authority,
12 Endeavour Square, London, E20 1JN
PRA's GRO !
Whistleblowing GRO... ne _.! Website:
Service www.bankofengland.co.uk/prudentialregulation/whistleblowingand-
the-pra
Address: Confidential reporting (whistleblowing) IAWB team, Legal
Directorate, Bank of England, Threadneedle Street, London, EC2R 8AH
Contacting the FCA or the PRA is not conditional on a Speak Up report first being made using
POL's internal arrangements (nor is it necessary for a disclosure to be made to POL in the first
instance), and it is possible to utilise POL’s internal arrangements and contact the FCA or PRA
simultaneously or consecutively.
INTERNAL and EXTERNAL Group Policy Speak Up_May24
Page 7 of 15
POL00447997
POL00447997
Speak Up concerns usually relate to the conduct of our staff, but they may sometimes relate to the
actions of a third party, such as a customer, supplier, agent, Postmaster or service provider. In
some circumstances the law will protect those who Speak Up if they raise the matter with the third
party directly. However, we encourage individuals to report such concerns internally in the first
instance.
1.8 Protecting the Speak Up Reporter (Your Legal Rights)
POL has a statutory obligation to protect qualifying Speak Up Reporters and will endeavour to
support anyone who raises genuine concerns under this Policy from detrimental treatment, even if
the concern raised is unsubstantiated (not proven) after investigation. In respect of a certain class
of person (“Staff’ as defined under this policy) POL has a statutory obligation not to subject such
persons to detriment or to dismiss them for reporting any wrongdoing via the Speak Up function.
Where a member of Staff is subject to a Post Office settlement agreement, any clauses within it
will not prevent the member of Staff from Speaking Up. This should in any event be made clear by
the terms of the settlement agreement itself and staff should receive independent advice in relation
to those terms when entering into a settlement agreement.
All concerns raised via the Speak Up channels are treated confidentially. The Speak Up Reporters
details, or any other information where their identity could be deduced, will not be shared outside
the Speak Up process without their permission, unless required for legal purposes.
There is no requirement for the Speak Up Reporter to provide contact information, however, not
providing this information may reduce POL's ability to undertake a thorough investigation into the
concerns raised. Please note that making a disclosure anonymously means it can be more difficult
for an Employee or Staff member to be provided with protections under the PIDA legislation, as there
would be no link between the individual and the disclosure.
1.9 The Speak Up Champion and Management Reports
POL has appointed an independent Non-Executive Director as Speak Up Champion (the NED).
The Speak Up Champion acts as a point of assurance for the integrity, objectivity, independence,
effectiveness, and evolution of the Speak Up function in adherence with the Group Speak Up Policy
and associated procedures.
The Speak Up Champion oversees that:
+ A speak up culture is proactively encouraged throughout POL
+ The current arrangements are challenged and assessed for areas of continuous
improvement and best practice
+ Reporters are always supported and protected when raising a concern
+ Barriers to speaking up are uncovered and addressed
* The Speak Up team, senior managers and leaders receive training on the importance of
Speak Up Reporter support
+ Root cause analysis is undertaken for all cases and issues, so that continual improvements
can be made in the relevant areas
The Speak Up Champion will also be an additional point of escalation for feedback or concerns
raised about the Speak Up function from other parts of the organisation.
The Director of Assurance & Complex Investigations has oversight of the Speak Up Team as well
as investigations that result from Speak up reports.
The Speak Up Manager oversees the day-to-day management of Speak Up reports and Speak Up
Team. The Speak Up Manager is also responsible for ensuring that reports are investigated and
INTERNAL and EXTERNAL Group Policy Speak Up_May24
Page 8 of 15
POL00447997
POL00447997
responded to in a timely manner. They determine the appropriate parties who should investigate
the allegations raised, considering the sensitivities and seriousness of the report.
The Speak Up Manager is also responsible for identifying key trends or issues and providing
assurance to the Board that the Policy is complied with.
1.10 Responding to Speak Up Reports
In all instances any Speak Up reports, regardless of reporting method, will be responded to within 5
working days.
All reports will be fully reviewed and investigated and any information, including emails, or records of
telephone calls, letters, or any other form of communication will be stored securely and confidentially.
Any investigations will be carried out in accordance with the Group Investigations Policy and
Investigator's Manual. The Speak Up Manager will ensure that investigations are allocated to the
appropriate team via A&Cl’s Triage function.
The time frame for investigating the reports raised is dependent on the nature of the report and the
investigation required. The Speak Up Reporter will be given feedback via the reporting channel
they have used or have given the Speak Up Manager permission to use (Speak Up line, e-mail or
phone call) during the course of the investigation and once it has been concluded. The frequency
of up-dates will be agreed with the Reporter at the start of the investigation.
Where an anonymous report is received, Speak Up Reporters will not ordinarily be able to receive
feedback and details of action taken by POL may be limited. However, feedback in this instance
could be sought through a telephone appointment or by using an anonymised email address.
1.11 Other Contact Details
Grapevine:
24/7 Security Support Centre provided by Kings Ltd. Grapevine provide security advice and record
all security incidents across the business, this includes burglaries, robberies and the reporting of
suspicious activity.
BSC:
Branch Support Centre (BSC) is a helpline and the first port of call for Post Office branches if they
have any operational query or require assistance.
e Telephone Number
© EMA: bnreernpenseo nen ouvernewmeren
Customer Support Team:
Complaints handling team based in Chesterfield. The team address complaints reported into Post
Executive Correspondence Team... -ve-re-ncreereeenerneeeenn
E-mail GRO
various stakeholders within the business in order to resolve complaints.
INTERNAL and EXTERNAL Group Policy Speak Up_May24
Page 9 of 15
POL00447997
POL00447997
2 Risk appetite and required operational standards.
2.1 Risk appetite
Risk Appetite? is the extent to which Post Office will accept that a risk might happen in pursuit of day-
to-day business transactions. It therefore defines the boundaries of activity and levels of exposure
that Post Office are willing and able to tolerate.
The risk tolerance level will be varied against each business unit. Information should be sought from
the Central Risk Team with regards to the agreed appetite relevant to the policy being written.
Post Office have a five-scale approach to risk appetite, Averse, Cautious, Neutral, Flexible and
Open.
Post Office acknowledges however that in certain scenarios even after extensive controls have been
implemented a product or transaction may still sit outside the agreed Risk Appetite. In this situation, a
risk exception waiver will be required. (See section 1.4 for further details)
2.2 Policy framework
The Speak Up Policy should be considered and read in conjunction with other policies where
relevant. These may include the Group Investigations Policy, the Financial Crime Policy, the Anti-
Bribery & Corruption Policy, Health & Safety Policies and HR Policies where relevant:
Who must comply?
Compliance with this Policy is mandatory for all Post Office employees® subsidiaries and commercial
partners and applies wherever in the world the business is undertaken. All third parties who do
business with Post Office including consultants, suppliers and business and franchise partners, will be
required to agree contractually to this Policy with their own equivalent Policy.
Where material non-compliance is identified the matter must be referred to the Policy Owner and
Sponsor. Where required, any investigations will be conducted in accordance with the Investigations
Policy. Where is it identified that that an instance of non-compliance is caused through wilful
disregard or negligence, this may be treated as a disciplinary offence.
The next page sets out the minimum required operational standards that Post Office has
implemented to control these risks.
2 The Risk appetite was agreed by the ARC May 2023
* In this policy “employee” and "staff" means all persons working for the Group or on our behalf in any capacity including employees
at all levels, directors, officers, agency workers, seconded workers, volunteers, interns, and contractors.
INTERNAL and EXTERNAL Group Policy Speak Up_May24
Page 10 of 15
2.3 Policy Required Operational Standards
POL00447997
POL00447997
A required operational standard defines the level of control that must be in place to manage inherent risks so that they remain within the defined Risk
Appetite statements. This section of the policy also sets out the Business Area(s) responsible for managing that risk through their controls, and all employees
must ensure that they comply with the policy requirements. There must be mechanisms in place within each business unit to demonstrate compliance. The
policy required operational standard can cover a range of control types, i.e., directive, detective, corrective and preventive which are required to ensure risks
are managed to an acceptable level and within the defined Risk Appetite.
The table below sets out the relationships between identified risk and the required policy operational standard in consideration of the stated risk appetite. The
subsequent pages define the terms used in greater detail:
Risk area Description of risk Required operational standard Business control I Frequency
owners
Receipt and I Failure to meet legal and regulatory I Preventative control: POL CEO and Board Ongoing
investigation requirements POL must nominate a Speak Up Champion to must nominate the
of Speak Up provide governance and oversight, ensuring that Speak Up Champion
matters all reports are fully investigated and that any
appropriate corrective action is undertaken.
The Speak Up Manager must provide a Speak Up .
report to the RCC and ARC at least annually. The Director of Annually
Assurance & Complex
Any Speak Up concerns must be promptly Investigations 's idi
escalated to the GLD, GGC and the Speak Up tert le for providing
Champion. repo!
Detective control: ae
. Training must be
All Employees and Staff are trained, and the Policy Speak Up Manager provided at least
is available to them annually and
within 30 days of
joining Post
Office
Must ensure that appropriate arrangements are in Speak Up Manager Ongoing
INTERNAL — Group Policy Speak Up_May24 Page 11 of 22
POL00447997
POL00447997
place to ensure that Speak Up reports are
addressed promptly including during absences.
Communications and awareness provided to all Speak Up Manager Ongoing
Employees and Staff.
Corrective Control Speak Up M Ongoi
The Speak Up Manager must escalate Speak Up Peak Up Manager ngoing
reports to the appropriate Integrity Investigator
for investigation to take place.
The nominated Investigator is responsible for AMooated Uivestigator Ongoing
conducting the investigation must report the
findings back to the Speak Up Manager.
Breach of Failure to ensure confidentiality for I Preventative control: Speak Up Manager Ongoing
confidentiality I the Speak up Reporter Speak Up Policy is robust and up to date.
Confidential Speak Up line reports are shared only I Speak Up Manager is Ongoing
with the Speak Up responsible for ensuring
Manager and nominated deputies that reports are shares
with the appropriate
persons
Speak Up email inbox access is restricted to the Speak Up Manager Ongoing
Speak Up Manager and nominated deputies
. Speak Up Manager Ongoing
Speak Up Manager must put arrangement in
place to protect the confidentiality of the Speak
Up Report during investigations
Detective control: Speak Up Manager Ongoing
All incidents of breaches are escalated to the Head
of the Central Investigations Unit to review and
take necessary actions.
Incorrect An individual may raise a Speak Up I Preventative Control:
INTERNAL — Group Policy Speak Up_May24 Page 12 of 22
POL00447997
POL00447997
handling of report with other individuals in the I Training provided to contact teams to identify I Speak Up Manager Ongoing and
Speak Up Group. Details may then be shared I potential Speak Up reports and ensure these are within 30 days of
report with various stakeholders before I correctly handled, e.g.: joining POL
being passed onto the Speak Up I , Grapevine,
Manager. + BSC,
+ Customer Support, and
+ Executive Correspondence Team.
Communications and awareness provided to all .
Employees and Staff. Ongoing
Speak Up Manager
Detective Control:
All incidents of breaches are escalated to the
Director of Assurance & Complex Investigations Speak Up Manager to I Ongoing
escalate to the Director
of Assurance &
Complex Investigations
Insufficient Failure to capture/report sufficient I Directive Control:
Information information about the issue may I Reporters are encouraged to report issues and Speak Up Champion Ongoing
mean that the underlying issue I provide full information and their contact details, and Speak Up Manager
cannot be properly investigated and I where they feel able to do so. to encourage
resolved Employees and
Staff to do so.
Detective Control:
All reports, including those where insufficient
information has been provided and no further Speak Up Manager
action was taken are recorded on the Speak Up .
database, which is reviewed for trends and issues. Ongoing
The ‘Speak Failure to effectively record Preventative Control:
Up’ Service Speak Up reports and pass onto I The Speak Up Manager must review the Director of Assurance & I Annually
INTERNAL — Group Policy Speak Up_May24 Page 13 of 22
POL00447997
POL00447997
the Speak Up Manager, due to
factors such as resource or IT
failure.
effectiveness of the service
Convercent at least annually.
provided by
The Speak Up Manager must review the
Complex Investigations
to ensure review takes
place.
effectiveness of the processes operated by Annually
Grapevine, BSC, Customer Support, and The Director of Assurance &
Executive Complaints Team at least annually to I Complex Investigations
ensure that Speak Up reports are identified and I to ensure review takes
communicated promptly. place.
Treatment of Breach of Speak Up guidelines Preventative Control
Speak Up such that a Speak Up Reporter I Training must be provided to all people managers Speak Up Manager Ongoing
Reporters suffers prejudice, detriment or I as part of their induction process as a manager and
dismissal as a result of making a I on appointment to POL.
Speak
Up report Annual training must be provided to all POL Speak Up Manager
Employees and Staff to remind them of the Ongoing
protections available to Speak Up and the
importance of identifying and
reporting wrongdoing
The Code of Business Standards must refer to the Speak Up Manager and
Speak Up policy must be provided to all new People Training
joiners as post of their induction programme. Manager Ongoing
Line managers I A Reporter may not want to make a I Preventative Control
report to their line manager in case I Employees and Staff should be made Speak Up Manager Ongoing
it affects their relationship or where I aware of the multiple ways to disclose a report
the disclosure involves the line and also that reports can be anonymous.
manager.
Training must be provided to line managers as part
of their induction process as a manager and on Speak Up Manager Ongoing
appointment to POL regarding the handling of
INTERNAL — Group Policy Speak Up_May24 Page 14 of 22
POL00447997
POL00447997
reports and the importance of encouraging
Employees and Staff to make reports.
Support Speak Up Reporters are not Preventative Control
available to supported throughout the process I Feedback should be taken from Speak Up Speak Up Manager Ongoing
Speak up of an investigation throughout an investigation to monitor that they feel
Reporters supported and protected by the POL
INTERNAL — Group Policy Speak Up_May24 Page 15 of 22
POL00447997
POL00447997
3 Where to go for help
3.1 Additional policies
This Policy is one of a set of policies. The full set of policies can be found on the SharePoint Hub
under Policies
3.2 How to raise a concern
Any Post Office employee who suspects that there is a breach in this Policy should report this without
any undue delay, staff may:
Discuss the matter fully with their Line Manager; or,
A senior member of the HR Team, or
Direct to the Whistleblowing Managet
Contacting the “Speak Up” line, a confidential reporting service which is run by an
independent company Conv:
o Telephone Number:
o _http://speakup.postoffice.co.uk/ which is a secure on-line web portal.
ec eoee
3.3 Who to contact for more information.
If you need further information about this policy or wish to report an issue in relation to this policy,
INTERNAL and EXTERNAL Group Policy Speak Up_May24 May 2024 Page 16 of 22
POL00447997
POL00447997
4 Governance
4.1 Governance responsibilities
The Policy sponsor takes responsibility at GE level for policies covering their areas.
The Policy Owner is the Director of Assurance & Complex Investigations, who is responsible for
ensuring that the content is up to date and is capable of being executed. As part of the review
process, they need to ensure that the minimum controls articulated in the policy are working or to
identify any gaps and provide an action plan for remediation.
Additionally, the Director of Assurance & Complex Investigations is responsible for providing
appropriate and timely reporting to the Risk and Compliance Committee and the Audit and Risk
Committee as required.
The Audit and Risk Committee are responsible for approving the Policy and overseeing compliance.
The Board is responsible for setting the Group's risk appetite.
INTERNAL and EXTERNAL Group Policy Speak Up_May24 May 2024 Page 17 of 22
POL00447997
POL00447997
5 Definitions
5.1 Definitions
“Employee” and “Staff? means an individual who has entered into or works under (or, where the
employment has ceased, worked under) a contract of employment or any other relevant contract,
as defined in sections 230(2) and (3) of the Employment Rights Act 1996, with Post Office or the
Group or is defined as a “worker” under section 43K Employment Rights Act 1996.
“Post Office’, “POL” and “Group” mean Post Office Limited and any wholly owned subsidiary that
formally adopts this Policy.
“Speak Up” in the context of PIDA refers to the act of a person (the “Speak Up Reporter’) making
a disclosure that the Reporter reasonably believes is (a) in the public interest, and (b) regarding
past, present or likely future wrongdoing that falls into one or more of the following categories:
+ criminal offences (this may include types of financial impropriety such as fraud)
+ failure to comply with an obligation set out in law (including regulatory breaches)
* — miscarriages of justice
* endangering of someone's health and safety
+ damage to the environment
* covering up wrongdoing in the above categories
* abreach of the POL’s policies and procedures
* behaviour that harms or is likely to harm the reputation or financial well-being of the POL
INTERNAL and EXTERNAL Group Policy Speak Up_May24 May 2024 Page 18 of 22
6 Document control
POL00447997
POL00447997
6.1 Document control record
Summary
GE policy sponsor
Group General
Counsel
Version
Policy owner I Policy Author
Director of Speak Up Manager
Assurance &
Complex
Investigations
Document review
I Policy — effective date
Standard approver
RCC & ARC
Policy location
Revision history
Version
1.4
1.5
1.6
2.0
2.2
2.3
2.4
4.2
4.3
5.0
I Date
April 2016
August
2017
September
2017
September
2017
June 2018
July 2018
July 2018
September
2018
September
2018
June 2019
June 2019
July 2019
September
2019
September
2019
April 2020
June 2020
July 2020
July 2020
INTERNAL and EXTERNAL
period
Annually April 2023
Changes
Sponsors review and sign-off
Annual Review and update
POL R&CC approval
Final Version Approved
Annual Review and update
POL R&CC approval
POL ARC approval
POMS ARC approval
Final version approved
Annual review and update
Incorporating legal review comments
POL R&CC approval
POL ARC approval
Final version approved
Updated with new Speak Up service
contact details
Annual review and update
POL R&CC approval
Final approval by ARC’s
Group Policy Speak Up_May24 May 2024
Policy Hub Intranet
Key policies
‘sharepoint.com
Updated by
Jane MacLeod
Vitor Camara
Thomas Richmond
Thomas Richmond
Vitor Camara
Sally Smith
Sally Smith
Sally Smith
Vitor Camara
Sally Smith
Sally Smith
Sally Smith
Sally Smith
Sally Smith
Sally Smith
Sally Smith
Sally Smith
Sally Smith
Page 19 of 22
POL00447997
POL00447997
5.1 March 2021 Amendments following Protect self Sally Smith
assessment and external review by
Herbert Smith Freehills
5.2 March 2021 Amends after Group Director of Sally Smith
Compliance review
5.3 March 2021 POL R&CC approval Sally Smith
5.4 March 2021 POL ARC approval Sally Smith
6.0 May 2021 POI ARC approval Sally Smith
6.1 July 2021 Amended Speak Up contact details Jenny Brady
6.2 March 2022 Changed responsible people from MRLO Sally Smith
to Head of Central Investigations Unit and
added paragraph following internal audit
recommendations.
6.3 March 2022 Annual approval by RCC Sally Smith
7.0 April 2022 Annual approval by ARC Sally Smith
8.0 April 2023 Annual approval. Updates with new Speak John Bartlett
Up function following External Review by
EY
9.0 April 2024 Annual approval by R& CC John Bartlett
6.2 Oversight committee: Risk and Compliance Committee / Audit
and Risk Committee
Committee Date approved
POL R&CC 07/05/24
POL ARC 21/05/24
POMS ARC TBC
Next policy annual review date: May 2025
5.3. Company details
Post Office Limited and Post Office Management Services Limited are registered in England and Wales. Registered numbers 2154540 and
08459718, respectively. Registered Office: 100 Wood Street, London, EC2V 7ER
Post Office Management Services Limited is authorised and regulated by the Financial Conduct Authority (FCA), FRN 630318. Its Information
Commissioners Office registration number is ZA090585.
Post Office Limited is authorised and regulated by Her Majesty's Revenue and Customs (HMRC), REF 12137104. its Information Commissioners
Office registration number is 24866081.
Payzone Bill Payment Limited is a limited company registered in England and Wales under company number: 11310918.
VAT registration number GB 172 6705 02. Registered office: 100 Wood Street, London, EC2V 7ER
INTERNAL and EXTERNAL Group Policy Speak Up_May24 May 2024 Page 20 of 22
POL00447997
POL00447997