POL00448352 - Investigation Policy - Draft for Comment v.1.2
POL00448352
POL00448352
GROUP POLICIES
Investigations. Policy - Draft
for Comment
Version -— V1.2
Chief Executive’s Endorsement
The Post Office Group is committed to doing things correctly. Our Values and
Behaviours represent the conduct we expect. This Policy supports these to help us
ensure the highest standards of integrity, proper behaviour, crime prevention,
detection and management are maintained.
POL00448352
POL00448352
1. Overview ......
1.1. Introduction by the Policy Owner.
1.2. Purpose.
1.3. Core Principles
1.4. Application...
1.5. Responsibilities
2. Managing an investigation...
2.1. How should issues be reported or captured?....
2.2. Grounds for considering a matter for internal investigation .....
2.3. Triage...
2.4. Commissioning Manager....
2.5. Establishing the scope of the investigation ....
2.6. Appointing an Investigator and other personnel
2.7. Investigatio:
2.8. Witnesses and witness interviews.
2.9. Timescales for Investigation ...
2.10. Investigation Report
2.11. Outcomes...
3. Risk Appetite and Minimum Control Standards
3.1. Risk Appetite
3.2. Policy Framework...
3.3. Who must comply?....
3.4. Minimum Control Standards...
4. — Tools and definitions......
4.1. Tools...
4.2. Definitions
5. Where to go for help
5.1. Additional Policies
5.2. How to raise a concern...
5.3. Who to contact for more information
6. Governance.
6.1. Governance Responsi
INTERNAL. Page 2 of 35 Investigations Policy 1.2 Nov 2020
POL00448352
POL00448352
7. Control...
7.1. Policy Version...
7.2. Policy Approval....
Schedules
INTERNAL. Page 3 of 35 Investigations Policy 1.2 Nov 2020
POL00448352
POL00448352
1. Overview
1.1. Introduction by the Policy Owner
The Group General Counsel has overall accountability to the Board of Directors for the
design and implementation of controls in relation to internal investigations. Post Office’s
Board of Directors have overall responsibility for ensuring that Post Office has a framework
to ensure compliance with legal, regulatory, and contractual requirements. The outcomes
of investigations are reported to the Audit and Risk Committee and the Post Office Board
as required.
1.2. Purpose
This Policy has been established to set the minimum operating standards for the
management of internal investigations throughout the Group!. Internal investigations are
a part of corporate governance, and this Policy focuses on controls to conduct an effective
internal investigation. Compliance with this Policy supports the Group in meeting its
business objectives, including the proper management of risk, and its commitment to act
professionally, proportionately, fairly and with integrity in its business dealings and
relationships through the implementation and enforcement of effective systems to protect
its business.
This Policy is intended to compliment the Group's existing suite of Policies, many of which
contain details of subject specific investigation and reporting requirements. Some matters
requiring investiation will not be covered by any other policy. In either case this Policy will
assist individuals tasked with undertaking an investigation to understand the Group's
overarching aims and investigation principles.
1.3. Core Principles
Post Office takes its responsibilities for complying with law and regulations seriously. It
expects staff? to adhere to Policies and procedures, operate with honesty and integrity and
within the law, and not bring the Post Office into disrepute.
Post Office’s Group Policies set out the key legislative and regualtory requirments that Post
Office must adhere to, its risk appetites, and the key controls to ensure compliance,
including the requirements to undertake investigations into suspected breaches, failures
or causes for concern.
This Investigations Policy gives guidance about how to ensure issues are captured and
evaluated, and deciding whether an investigation is necessary. It fixes the minimum
standards required to ensure that internal investigations, regardless of the scope, are
prompt, effective and professionally managed, and that findings are responsibly
addressed.
"In this Policy “Post Office” and “Group” mean Post Office Limited and wholly owned subsidiary
2 In this Policy “staff” means permanent staff, temporary including agency staff, contractors, consultants and anyone else working
for or on behalf of Post Office, excluding agents (including Postmasters)
INTERNAL. Page 4 of 35 Investigations Policy 1.2 Nov 2020
POL00448352
POL00448352
When faced with concerns or allegations of impropriety of any kind, including illegality,
breach of Policy, controls or regulation, or wrongdoing regardless of the source, it is
essential for the Post Office to take prompt and appropriate action to determine:
Whether the concerns or allegations have any basis or merit
The scope and cause of any impropriety
The measures needed to remedy the issues
How to best manage and defend against any legal and/or reputational damage
associated with the impropriety, such as government reporting requirements, civil and
criminal liability
¢ Whether and to whom to report issues, particularly where reporting is a regulatory
requirement or where the issues are material or reveal systemic shortcomings in
practice or culture.
This Policy establishes protocols for:
Capturing issues that may require investigation
Triaging and assessing issues to establish whether to investigate and any urgency
Initiating an investigation
Investigation design and management
Data collection and preservation
Witness interviews
Reporting
Corrective action and necessary Policy or procedure review
eo eer eeoe
1.4. Application
This Policy is designed to establish the minimum standards of investigation to assist the
business in controling financial loss, customer impact, regulatory breaches and
reputational damage in line with the requirments of specific other Group Policies and the
Group’s Risk Appetite. This Policy applies to all companies in the Post Office Group.
The processes set out in this Policy must be applied in [all circumstances OR in all
cases except cases of investigations required in the People space] where:
1. Another of Post Office’s Policies state that an investigation shall be undertaken
under this Policy;
2. Another of Post Office’s Policies provides no guidance on the conducting of
investigations under it; or
3. A concern or allegation comes to Post Office's attention which is not the subject
matter of any of Post Office’s other Policies.
Investigations into certain specific matters may be subject to the unique procedural
requirments of certain local policies. [This is particularly true of People Policies, which
contain specific procedures that have been agreed with our trade unions.] In such cases,
those responsible for conducting investigations under the local Policy, whilst always having
regard to the overarching principals of this Policy, must follow any presciptive procedural
requirements of the applicable local policies.
1.5. Responsibilities
Key individuals and their specific responsibilities in relation to this Policy are:
INTERNAL. Page 5 of 35 Investigations Policy 1.2 Nov 2020
POL00448352
POL00448352
© The Post Office Board has overall responsibility for ensuring that Post Office has
a framework to ensure compliance with legal, regulatory, and contractual
requirements. The Board is kept abreast of relevant matters relating to the
management of investigations by reports from its committees including its Audit
and Risk Committee (ARC).
« The Group General Counsel for Post Office is the Policy Sponsor, accountable to
the Post Office Board overall.
« The Group Legal Director is the Policy Owner responsible for the day to day
implementation of and compliance with this Policy, for maintaining a dashboard of
appropriate Management Information and for reporting that MI, including to ARC
[on a quarterly basis] and in the annual legal risk report. The Group Legal Director
is accountable to the General Counsel.
e The Group Policy Owners are responsible for managing risk in specific areas
under Post Office’s Group Polices. In relation to those specific risks, Group Policy
Owners are responsible for establishing proportionate processes to: capture reports
of concerns, triage reports of concerns, nominate Commissioning Managers, and
for maintaining and reporting MI to the Group Legal Director.
« The Commissioning Manager has overall responsibility for each investigation,
including identifying applicable local policies, laws and regulations, defining its
scope, and appointing an Investigator.
« The Investigator is responsible for carrying out investigations and for any other
tasks delegated by the Commissioning Managers, such as reporting and liaising
with stakeholders.
* The Compliance, Legal and People Teams are responsible for supporting as
requested by the Commissioning Manager or Investigator.
Post Office depends on the cooperation of its employees when conducting internal
investigations. Post Office employees are required to cooperate with Company
investigations in accordance with Post Office Conduct Code. Employee refusal to cooperate
in a company investigation may result in disciplinary measures being taken in accordance
with the Conduct Code Procedure.
INTERNAL. Page 6 of 35 Investigations Policy 1.2 Nov 2020
POL00448352
POL00448352
Managing an investigation
2.1. How should issues be reported or captured?
Post Office is a large and diverse business. Issues and concerns may arise anywhere, in
many ways. Some key examples of how concerns might arise are:
1. Reports by staff or agents : Individuals may report concerns directly to their line
managers, key contacts, Area Managers, or through Post Office’s whistleblowing
channels.
2. Through our day to day work: Concerns will become apparent in the ordinary
course of work or through the work done by our internal audit teams.
3. From external agencies: Reports of concerns can come from external sources,
such as the Police, the National Crime Agency, Regulators, or though formal reports
such as Suspicious Activity Reports.
4. Courts, Tribunals or Inquiries: Findings in judicial or quasi judicial processes
could reveal concerns about Post Office and the way that it does business.
Post Office actively encourages staff to report knowledge of concerns or suspicions of
wrongdoing. In somecases, that is a contractual requirement.
Group Policy Owners should ensure that the correct framework is in place and effectively
communicated so that staff and, where appropriate, third parties know how to raise
concerns about risks or concerns arising in their specific areas. Typically this will be via
escalation through line managers, but can be to a specific function or person by way of a
dedicated mailbox or phoneline. Specific mailboxes or contact details should be set out in
local policies and shown at Schedule 1. Where a reported concern is received in writing, it
should be acknowledged in approproate terms, without undue delay. Where a specific
mailbox is established this can be by way of automatic reply in terms attached to Schedule
5.
Where staff become aware of a concern in respect of which there is no current Group Policy
Owner (and therefore no established channel for reporting or triaging that concern) they
must refer the issue to the Group Legal Director or Whistleblowing Officer as appropriate
(except in the case of conflict, in which case with the Head of Internal Audit) who shall
then either assign the matter to an appropriate Group Policy Owner, or elect to become
the person responsible under this policy for triaging, overseeing any investigation
(including appointing a Comissioning Manager), and for ensuring that MI about
investigation outcome is communicated to the Group Legal Director.
2.2. Grounds for considering a matter for internal investigation
Not every problem, suspicion or issue that is reported, identified or otherwise arises will
require formal investigation. In some cases, a formal investigation may be
disproportionate to the matter arising. Dependent on the nature of the problem, suspicion
or issue, it might be appropriate to manage it informally after no, or some limited informal,
investigation. Where the decision is taken not to undertake a formal investigation, this fact
should, for audit purposes, be recorded by the person making that decision..
Specific facts or circumstances, however, make conducting an internal investigation a
mandatory requirement. Group Policy Owners are responsible to ensure these
circumstances are clearly identified in relevant Group and associated local Policies. They
include, by way of example:
INTERNAL. Page 7 of 35 Investigations Policy 1.2 Nov 2020
POL00448352
POL00448352
e A failure to comply with Regulatory obligations, such as those enforced by the
Financial Conduct Authority (FCA) or the Information Commissioners Office (ICO).
e A failure to comply with Group Policies
e An express requirement under a third party contract to investigate certain
suspicisions, allegations or circumstances, such as concerns about modern slavery
in a supply chain
Outside of circumstances in which an investigation is mandatory, Post Office has discretion
about whether to investgate. However certain allegations or concerns weigh heavily in
favour of considering an invetigation (“Persuasive Factors”). These include, but are not
limited to:
« A possible criminal offence has been committed, is being committed or is likely to
be committed
e A person has failed, is failing or is likely to fail to comply with any legal obligation
to which he is subject
e Amiscarriage of justice has occurred, is occurring or is likely to occur
e The health or safety of any individual has been, is being or is likely to be
endangered
e The environment has been, is being or is likely to be damaged
* Concerns that Post Office is operating outside of risk appetite in certain areas,
without the appropriate governance
« Matters that could involve regulatory fines, penalties or liabilities
« Possible harm to Post Office business or property
« Employee complaints that reveal improper conduct, a breach of employment law,
or could form the basis of a complaint to a court of tribunal
e Postmaster complaints relating to a material, frequently arising or systemic issue
* Allegations about matters which if true or not investigated could harm Post Office’s
brand or reputation
If there is doubt about whether a matter should be referred for investigation, staff should
discuss the situation with line managers or with SME colleages, if appropriate. If in any
doubt, the matter should be escalated for consideration to the relevant Group Policy Owner
or, where there is no Group Policy Owner, to the Group Legal Director or Whistleblowing
Officer in acordance with section 2.2.
2.3. Triage
Group Policy Owners are responsible for ensuring that an adequate process is in place for
triaging concerns reported to them and deciding whether to refer them for investigation
and, if so, any urgency.
The decision about whether a matter should be investigated and its urgency will often
involve the exercise of judgment about the facts and circumstances. However, any process
of triage should have particular regard to:
1. Any mandatory requirement to investigate under any law, regulation, or other
Policy;
2. Any Persuasive Factor to investigate as set out under 2.2 of this Policy;
3. Any presbribed time frames, fixed either by law, regulation, direction or other
Group or associated local Policy;
4. Whether the matter arises in the context of, or is likely to result in, legal or
regulatory action.
Any process of triage should build in time and the mechanism to draw upon SME knowledge
or legal advice wherever appropriate. Where any matter appears particularly sensitive,
serious, or indicates a potential trend, triage should also involve consultation with the
INTERNAL. Page 8 of 35 Investigations Policy 1.2 Nov 2020
POL00448352
POL00448352
Group General Counsel except in the case of conflict, in which case with the Head of
Internal Audit.
2.4. Commissioning Manager
Group Policy Owners are responsible for nominating a Commissioning Manager for the
investiation of any matter which is deemed necessary to investigate. This nomination can
be established by way of a standing protocol, under a Group or associated local Policy, or
by the Group Policy Owner in writing. The Commissioning Manager will be either:
- the Group Policy Owner; or
- Apperson or team appointed in writing by the Policy Owner, either on a permanent,
temporary, or case-by-case basis to act as Commissioning Manager.
The Commissioning Manager should never be someone who is implicated in the matter
being investigated. If a Commissioning Manager finds they are conflicted they must refer
the matter to the Group Policy Owner, or where the Group Policy Owner is themself
conflicted, to the Group Legal Directoror Head of Internal Audit, as appropriate, and a new
Commissioning Manager should be assigned.
The Commissioning Manager shall have overall responsibility for the investigation,
including:
e = Taking initial legal advice including on whether any law, regulation or local policies
apply and whether the investigation should be conducted under legal
privilegeReviewing the information gathered to date, including any initial report,
complaint, or summary of the issues
e Ensuring that the scope of the investigation and, where appropriate, establising
terms of reference
« Identifying any relevant Policies, guidance or regulations that may apply to the
matters being investigated and ensuring these are complied with;
« Ensuring that any necessary or otherwise suitable safeguards are understood and
put in place, for example: whether specific warnings or cautions must be given,
any whistleblower protections, and that privacy, data protection and confidentiality
requirements are understood;
e Managing any communications with stakeholders, including where applicable and
appropriate any complainant/s;
e Appointing any personnel to specific functions within the investigation, including
the Investigator and any other support from People Teams or from specialists inside
or outside of POL;
« Ensuring that any outcomes, including any recommendations, are sent to the
appropriate people or Groups;
« Feeding outcomes back into the system of Management Information established by
the Policy Owner.
2.5. Establishing the scope of the investigation
The Commissioning Manager must establish the scope of the investigation. This should be
done at the start of the investigation, although the Commissioning Manager should be
flexible in ensuring that the scope can be amended as the investigation proceeds.
It will often be helpful for the Commisioning Manager to draw up written terms of reference
to guide the Investigator. Any terms of reference should be kept under review as the
investigation proceeds. During the investigation, the Investigator may identify additional
concerns (for example, in a whistle-blowing investigation after the investigator has met
with the whistleblower). If so, the Investigator should flag these to the Commissioning
Manager to query whether the terms of reference should be expanded, or whether a
INTERNAL. Page 9 of 35 Investigations Policy 1.2 Nov 2020
POL00448352
POL00448352
separate investigation is required. The Commissioning Manager controls what is included
within the terms of reference and the scope of the investigation.
A template terms of reference is attached at Schedule 2. This may be used as a starting
point, but it is not a requirement of the Policy that it must be used and the Commissioning
Manager should amend it as appropriate to reflect the requirements of the investigation in
question.
2.6. Appointing an Investigator and other personnel
The Commissioning Manager must appoint an Investigator. In some cases the identity of
the Investigator may be mandated by a local Policy, by law or regulation. It is a part of
the the Commissioning Manager’s responsibility to establish this at the outset, drawing
upon advice, as necessary.
In other cases the Commissioning Manager may delegate (without abrogating
responsibility for) the conduct of the investigation to an Investigator of his or her choosing.
Exceptionally it may be possible for the Commissioning Manager personally to be the
Investigator.
The Investigator should not be someone who is named or potentially implicated in the
matter being investigated. Where individual employees are named or implicated in the
complaint, where possible, the Investigator should not be one of the named individual’s
subordinates (direct or indirect) and it will be ideal if they are of the same or higher
seniority. It may be preferable in many cases to appoint an Investigator from a different
area of the business, although that needs to be set against the Investigator having suitable
knowledge of the subject matter, if that is important. The Commissioning Manager should
ensure that any Investigator appointed is sufficiently independent and suitable.
The Commissiong Manager may in some cases choose to appoint an external
investigator(s) to carry out the investigation function. However that would be the
exception rather than the rule.
The Commissioning Manager may also delegate (again without abrogating responsibilty)
other functions of the investigation, for example communications with stakeholders, to
suitable staff (e.g. to the People Team).
2.7. Investigation
It will be for the Investigator, in discussion with the Commissioning Manager and having
regard to the requirements of any law, regulation or other applicable Policies, to determine
the steps needed to investigate any issues.
Investigation should be proportionate and fair. Investigators should seek to gather facts
and evidence around the issues, as necessary. This will often include witness evidence.
Proportionality should also be considered. The more serious the issues or its consequences
and impact, the more extensive and complete the investigation should be.
Investigators must ensure that any requirements identified by the Commissioning Manager
are adhered to. These may include confidentiality, data protection and privacy principles,
whistle-blower safeguards, witness cautions (typically in investigations that could result in
criminal proceedings) any any timeframes.
The Investigator should call on advice and support from the People, Legal or Compliance
Teams, as necessary.
INTERNAL. Page 10 of 35 Investigations Policy 1.2 Nov 2020
POL00448352
POL00448352
2.8. Witnesses and witness interviews
Investigations into specific matters may require certain special provisions or formalities to
attach to witness interview. By way of illustration, they include:
Where evidence gathered in an internal investigation might be used in a subsequent
criminal proceedings, it may be appropriate to give specific warnings or cautions to
witnesses before interview;
When interviewing whistleblowers, it may be appropriate to protect a witness’s
anonymity and to put steps in place to protect them from detriment.
It will be for the Investigator working together with the Commissioning Manager, and
drawing on any necessary advice, to establish whether any special requirements exist and
to apply these accordingly.
Outside of those special requirements, the broard principles that apply to all witness
inteviews are as followed:
Witnesses should be treated fairly.
Whilst there may be occasions where it is appropriate to meet with witnesses
without advance notice, in most cases it will be appropriate to formally invite the
witness to a meeting/interview on reasonable notice.
Consideration should be given to whether witnesses should be permitted to be
accompanied to any witness meeting by a companion, normally being a fellow
employee or trade union representative. This is particularly true of investigations
in where the person being interviewed suffers from a disability and requires specific
support
Witnesses should be given sufficient information (subject to confidentiality and
data protection principles) to enable them to provide meaningful evidence on the
issues being investigated.
If it clear to the Investigator that a possible outcome of the investigation might be
to recommend a formal disciplinary procedure against the witness, the Investigator
should consider following the principles surrounding investigation set out within the
Disciplinary Policy to allow the investigation to be used within any subsequent
disciplinary process. This would include giving them a chance to consider the
position or gather their own evidence, either by providing them with details of the
allegations in advance of the witness interview or by adjourning the witness
interview to allow them time to do so.
Any witness may suggest other witnesses the Investigator should speak to or
avenues of enquiry they should explore. The Investigator should encourage such
suggestions and give them thoughtful consideration, but is not obliged to pursue
such avenues if the investigator does not consider them relevant or appropriate
within the investigation.
If issues are identified during the investigation which are not directly relevant to
the issues being investigated but which may themselves be whistleblowing
disclosures or warrant investigation, the Investigator should refer these back to the
Commissioning Manager for consideration about whether the Terms of Reference
should be expanded or whether a separate investigation should be commenced.
It should be emphasised to witnesses that the investigation remains confidential
and that they should not discuss it other than with the Investigator, People Team
or any companion supporting them. It should be made clear to the witness that
their statements may be used within the investigation.
Witnesses must not be punished or subjected to any detriment for having acted as
witnesses. The Investigator should reassure witnesses of this at or before the
meeting. The Commissioning Manager is responsible for ensuring there are
safeguards to protect witnesses, including where appropriate that their managers
know that they must not be subjected to any detriment. However this paragraph
does not prevent a witness who is alleged to have carried out some misconduct
INTERNAL. Page 11 of 35 Investigations Policy 1.2 Nov 2020
POL00448352
POL00448352
from being disciplined for that misconduct whether or not it was identified in a
witness interview.
e Following any witness interview, the Investigator should produce minutes of the
meeting or a statement from the witness. The Investigator may have a note taker
attend to assist in producing these. The minutes should be shared with the witness
following the meeting for them to provide any comments if they wish.
2.9. Timescales for Investigation
It will be for the Investigator working together with the Commissioning Manager, drawing
on any necessary advice, to establish whether any special timeframes exist, either by law,
regulation, or local policy, and to apply these accordingly.
If no prescribed time frames exist, it is not appropriate to fix standard timescales on how
long an investigation should take. Cases will vary and the priority should be to ensure a
proportionate and fair investigation.
However, Investigators should seek to deal with investigations without undue delay.
Where possible, Investigators should provide estimates of timescales and, if they
materially change, should keep the Commissioning Manager, relevant stakeholders and
any person being investigated updated.
Investigators should endeavour to provide an initial report on the progress of the
investigation to the Commissioning Manager within 2 weeks of receiving the terms of
reference. Investigators should also update Commissioning Managers at least monthly
after that.
2.10. Investigation Report
It will be for the Investigator working together with the Commissioning Manager, drawing
on any necessary advice, to establish whether outcomes must be presented in any
particular form.
In most cases it will be appropriate at the conclusion of an investigation for the Investigator
to produce a report. This report will set out the terms of reference or scope of the
investigation, the evidence identified and the Investigator’s conclusions on the issues.
Where appropriate, recommendations for actions should also be included.
Where appropriate the Commissioning Manager and investigator may wish to discuss the
draft report to establish that it covers the relevant points and that no further investigation
is needed. Consultation is likely to be innapropriate in some cases[, for example in the
People context if the Investigator must reach independent findings].
All investigation reports must be marked as strictly confidential. Where the investigator or
commissioning manager wishes to take legal advice on the report before pubishing a final
version, it should also be marked “privileged draft, for the purpose of taking legal advice”.
A template investigation report is attached at Schedule 3. This may be used as a starting
point, but it is not a requirement of the Policy that it must be used and other templates
may already be in established use. The Investigator should present their report in the form
appropriate to reflect the requirements of the investigation in question.
INTERNAL. Page 12 of 35 Investigations Policy 1.2 Nov 2020
POL00448352
POL00448352
2.11. Outcomes
The Commissioning Manager is responsible for ensuring that any outcomes or
recommendations are implemeted, in cooperation with the Group Policy Owner where
required.
In some cases the outcome of the investigation could be to recommend a further process,
for example a disciplinary process. The Investigator should be ready to assist in any such
process if needed. It may be possible for the investigation report to be used within any
subsequent process, but this would need to be considered on a case-by-case basis. Care
would need to be taken to ensure that only information relevant to the second process
was Shared and that confidentiality and data protection principles were complied with.
Group Policy Owners are responsible for establishing systems to record and save
investigation reports, and to capture management information (MI) detailing the number
and nature of concerns that are triaged by them or by the triage processes they have
established, and the outcomes of any investigations. They should capture all the fields of
information detailed at Schedule 4.
Group Policy Owners are also responsible for reporting MI about investigations in their
specific areas to the Group Legal Director on a [monthly basis]. The Group Legal Director
is responsible for reporting MI to ARC on a [quaterly basis].
There is no defined layout or content requirement for how MI should be reported but the
following points should be covered:
- [Graphs showing categories, subject types, reporting channels, reporter type and
volumes of cases opened and closed. These graphs should show a rolling 12 month
period to help identify any trends or spikes.
- Commentary should be provided to support the graphs.
- Any potential issues or concerns identified through the reports should be raised.
- Any news or media articles relating to the matters reported.
- Updates from any horizon scanning or industry forums.
- Any changes or potential changes in legislation.
- Any other work undertaken as part of the issues raised.
- Communications planned and/or published to the business. ]
INTERNAL. Page 13 of 35 Investigations Policy 1.2 Nov 2020
POL00448352
POL00448352
3. Risk Appetite and Minimum Control
Standards
3.1. Risk Appetite
Risk Appetite is the extent to which the Group will accept that a risk might happen in
Pursuit of day-to-day businesses transactions. It therefore defines the boundaries of
activity and levels of exposure that the Group are willing and able to tolerate.
The Group takes its legal and regulatory responsibilities seriously and consequently has?:
e Tolerant risk appetite for Legal and Regulatory risk in those limited circumstances
where there are significant conflicting imperatives between conformance and
commercial practicality
e Averse risk appetite for litigation in relation to high profile cases/issues
e Averse risk appetite for ligation in relation to Financial Services matters
e Averse risk appetite for not complying with law and regulations or deviation from
business’ conduct standards for financial crime to occur within any part of the
organisation
« Averse Risk Appetite in relation to unethical behaviour by our staff.
The Group acknowledges however that in certain scenarios even after extensive controls
have been implemented an action may still sit outside the agreed Risk Appetite.
3.2. Policy Framework
Post Office has established an overarching Group Investigations Policy and a suite of
policies and procedures, on a risk sensitive approach which are subject to an annual
review. The policy suite is designed to comply with applicable legislation and regulation.
The Group Investigations Policy should be considered and read in conjunction with other
policies where relevant. These include, but are not limited to, the Whistleblowing Policy,
Financial Crime Policy, the Anti-Bribery & Corruption Policy, Health & Safety Policies and
People Policies where relevant.
3.3. Who must comply?
Compliance with this Policy is mandatory for all Post Office staff and applies wherever in
the world the Group’s business is undertaken.
Where non-compliance is identified the matter must be referred to the Group Legal
Director. Where is it identified that that an instance of non-compliance is caused through
wilful disregard or negligence, this will be treated as a disciplinary offence.
The next page sets out the minimum control standards that the Group has implemented
to control these risks.
° The Risk appetite was agreed by the Groups Board January 2015
INTERNAL. Page 14 of 35 Investigations Policy 1.2 Nov 2020
3.4. Minimum Control Standards
POL00448352
POL00448352
A minimum control standard is an activity which must be in place in order to manage the risks, so they remain within the defined Risk
Appetite statements. There must be mechanisms in place within each business unit to demonstrate compliance. The minimum control
standards can cover a range of control types, i.e. directive, detective, corrective and preventive which are required to ensure risks are
managed to an acceptable level and within the defined Risk Appetite.
The table below sets out the relationships between identified risk and the required minimum control standards in consideration of the stated
risk appetite. The subsequent pages define the terms used in greater detail:
Risk Area Description of Risk Minimum Control Standards Who is I When
responsible?
Failure to I Staff or other individuals learn I Employees, and particularly senior managers, I Principal Employment I Ongoing
identify issues I of issues but do not believe I should be contractually required to report I lawyer/ People
that require I they must, can or should I their own wrongdoing and the wrongdoing of I Function
investigating I report them or even how to I others.
(including report those issues. They may
unethical feel fearful to report issues,
behaviour by I particularly where a senior I Provide and_ effectively © communicate Ongoing
staff) manager is involved. adequate policies and channels for employees I The Board is
and others, including agents, agents’ I Responsble for
assistants and members of the public, to I ensuring the correct
report wrongdoing or concerns and to do so I Policies are in place.
anonymously if desired.
Group Policy Owners
are responsible for
ensuring Policies and
reporting channels
are adequate and
effectively
communicated
Adequate training to be given to staff on I Group Policy Owners I At suitable
potential legal and regulatory issues that can intervals to be
established by
INTERNAL Page 15 of 35 Investigations Policy 1.2 Nov 2020
POL00448352
POL00448352
arise in specific areas in the ordinary course
of business.
the Group
Policy Owners
Failure toI Lack of audit trail and I Group Investigations Policy to fix minimum I Group Legal Director I Ongoing
properly documentation could I standards for notetaking and record keeping I is responsible for
record and I undermine the integrity of I and provide a model investigation plan that I fixing the minimum
document the I investigations can be followed for each investigation, unless I standards and
investigation another prescribed process applies. I providing templates.
Documented processes and templated reports
to ensure consistency The Commissioning
Manager and I At the outset of
Investigator are I each
responsible for I investigation
notetaking and record
keeping.
Commencing Conducting investigation I Group Policy Owners are responsible for I Group Policy Owners I When drafting
Investigations I without regard to the correct I ensuring Group and local policies refer to all or reviewing
internal policy, applicable laws I applicable laws, regulations and_ special Group Policies.
or regulation, resulting in I provisions that apply in specific areas.
unlawful, unreasonable, At the outset of
incomplete or ineffective IA Commissioning Manager should be I Commissioning any
investigation. Specific concern I appointed for each matter requiring I Managers investigation.
should be given to I investigation and is responsible for identifying
investigations into postmaster I applicable Policies, laws and Regulations, and
theft; and that any I ensuring they are fully understood and
employment related issues I adhered to, drawing upon any necessary
follow the procedures and I advice.
requirements of People Upon joining
Policies. Employees involved in teams associated with I Relevant Group Policy I Post Office and
investigating suspected agent theft/false I Owners bi-annually
accounting or in People Functions should thereafter
receive training on the approach to be taken
in, and Policies applicable to, those specific
cases.
INTERNAL Page 16 of 35 Investigations Policy 1.2 Nov 2020
POL00448352
POL00448352
Commencing Failing to recognise that an I Commissioning Managers should be prompted I The Group LegalI When drafting
Investigations I investigation ought to be I to consider privilege and encouraged to take I Director is I and annual
carried out under legal I legal advice at the outset of an investigation. I responsible for I review of GIP.
privilege flagging the issue in
the GIP.
Commissioning At the outset of
Managers are each
responsible for taking I investigation
advice.
Training and education on privilege to be I General Counsel Upon joining
given to appropriate personnel and teams Post Office and
bi-annually
thereafter
Conducting Failing to give appropriate I Policies should highlight areas in which I Relevant Group Policy I When drafting
investigations
cautions to witnesses resulting
in certain evidence becoming
inadmissible/unusable in
future criminal proceedings
material gained during investigation could end
up being used in regulatory or criminal
proceedings, e.g. Loss Prevention
Commissioning Managers should be reminded
about the need to caution in appropriate cases
and encouraged to take legal advice at the
outset of an investigation.
Owners
The Group Legal
Director is
responsible for
flagging the issue in
the GIP
Commissioning
Managers are
responsible for taking
advice.
or reviewing
policies
When drafting
and annual
review of GIP
At the outset of
an
investigation
INTERNAL
Page 17 of 35
Investigations Policy 1.2 Nov 2020
POL00448352
POL00448352
Where the Commissioning Manager or
Investigator has reason to believe that the
investigation may uncover criminal conduct
(such as theft, conspiracy, bribery, corruption
or modern slavery) they should cease witness
interviews and take appropriate advice from
legal.
Commisioning
Manager or
Investigator
During the
course of the
investigation
Conducting Conducting privileged I Where an investigation has been identified as I The General Counsel I As soon as a
investigations I investigations in such a way as I one that ought to be conducted under legal I or his/her delegates I matter has
to lose/waive privilege privilege the individual responsible for the been identified
conduct of that investigation should be given as being one
the appropriate training, support and that should be
Instructions on how to maintain privilege. investigated
under legal
privilege
Those involved in the investigations must be I The Commissioning I When a matter
instructed on how to maintain privilege Manager is I has been
responsible for I identified as
instructing and any I attracting
individuals are I privilege and
responsible for I throughout
comply
Conducting Breaching individuals’ I Employee Privacy Notice should include I Principal Employment I When drafting
investigations I (typically the subject/s of the I provisions enabling Post Office to interrogate I lawyer/DPO or reviewing
investigation) rights to privacy I personal data in the case of investigations to the Privacy
and/or breaching general data I the fullest extent possible Notice
protection principles,
attracting regulatory censure, I Data privacy impact assessments to be) The Investigator inI At the outset
giving rise to employment
claims and potentially
jeopardising the investigation.
carried out when personal data is to be
interrogated as part of an investigation, as
appropriate.
consultation with the
Commissioning
Manager and/or DPO
as appropriate
and throughout
the
investigation
INTERNAL
Page 18 of 35
Investigations Policy 1.2 Nov 2020
POL00448352
POL00448352
Training to be given to appropriate personnel
DPO
At appropriate
on interrogating personal data and the intervals
requirement for privacy impact assessments.
Conducting Employees being unwilling to I Insert and maintain appropriate clauses in I Principal Employment I Ongoing
investigations/ I cooperate with investigator, I employment contracts and provisions in I lawyer/People
Employment resulting in inadequate I Conduct Code, wherever possible (subject to I Function
Risks investigation and outcomes, I collective agreement by unions), requiring
and possible employment I employees to cooperate with internal
claims investigations.
Wherever possible (subject to collective I Principal Employment I Ongoing
agreement by unions) provide that it can I Lawyer/People
amount to a disciplinary offence to fail to I Function
comply with reasonable management
instruction, including to cooperate with an
internal investigation.
Reporting Inadequate reporting of I Establish processes to capture MI and report I ARC is responsible for I As and when
investigations or trends leads I to GE, RCC & ARC. fixing the MI and
to a lack of transparency, frequency of
consistency, and opportunity reporting they require
for improvement.
Commissioning At the
Managers are I conclusion of
responsible for I investigations
reporting outcomes
to Group Policy
Owners
Group Policy Owners I [Monthly]
are responsible for
capturing MI about
INTERNAL Page 19 of 35 Investigations Policy 1.2 Nov 2020
POL00448352
POL00448352
issues arising in their
areas and reporting
that to the Group
Legal Director.
The Group Legal
Director is
responsible for
communicating the
MI in relation to
investigation trends
under this policy
[Quarterly]
INTERNAL
Page 20 of 35
Investigations Policy 1.2 Nov 2020
4. Tools and definitions
POL00448352
POL00448352
4.1. Tools
Commissioning Managers’ model Terms of Reference
Investigators’ model report
Spreadsheet of MI to be captured
4.2. Definitions
None
INTERNAL, Page 21 of 35
Investigations Policy 1.2 Nov 2020
POL00448352
POL00448352
5. Where to go for help
5.1. Additional Policies
This Policy is one of a set of Policies. The full set of Policies can be found at:
https://poluk.sharepoint.com/sites/postoffice/Pages/policies.aspx
5.2. How to raise a concern
Any Post Office employee or Staff who suspects that there is a breach of this Policy or
wishes to report concern about any issues affecting Post Office should do so without any
undue delay.
Issues can be reported via the following channels:
¢ Their line manager,
« Asenior member of the HR Team, or
¢ If either or both are not available, staff can contact the Post Office’s
Whistleblowing Officer, who can be contacted by email_at:
whistleblowing@. GRO. < or by telephone on
¢ The confidential Whistleblowing Speak. io service “Ethicspoint’ provided by
Navex Global via telephone on
¢ Via a secure on-line web portal:
= . "ethiespoint, com/
In some instances, it may be appropriate for the individual to report in the form of a
complaint to Grapevine, the Customer Support Team or the Executive Correspondence
Team.
5.3. Who to contact for more information
If you need further information about this Policy or wish to report an issue in relation to
this Policy, please contact the Group Legal Director.
INTERNAL. Page 22 of 35 Investigations Policy 1.2 Nov 2020
POL00448352
POL00448352
6. Governance
6.1. Governance Responsibilities
The Policy sponsor, responsible for overseeing this Policy is the General Counsel of Post
Office.
The Policy owner is the Group Legal Director who is responsible for conducting an annual
review of this Policy and for testing compliance across the Group. The Group Legal Director
is also responsible for providing appropriate and timely reporting to the Audit and Risk
Committee.
The Audit and Risk Committee are responsible for approving the Policy and overseeing
compliance.
The Board is responsible for setting the Groups risk appetite.
INTERNAL. Page 23 of 35 Investigations Policy 1.2 Nov 2020
POL00448352
POL00448352
7. Control
7.1. Policy Version
Date Version I Updated by Change Details
0.1 Draft Version
22.19.2020 1.2 Laurence O'Neill Version 1.2
7.2. Policy Approval
Group Oversight Committee: Risk and Compliance Committee and Audit and Risk Committee
Committee Date Approved
POL R&CC 12th January 2021
POL ARC
POMS ARC
PZBPL Board
Policy Sponsor: Ben Foat
Policy Owner: Sarah Gray
Policy Author: Laurence O'Neill
Next review: January 2022
Company Details
Post Office Limited and Post Office Management Services Limited are registered in England and Wales. Registered numbers
2154540 and 08459718 respectively. Registered Office: Finsbury Dials, 20 Finsbury Street, London EC2Y 9AQ.
Post Office Management Services Limited is authorised and regulated by the Financial Conduct Authority (FCA), FRN 630318. Its
Information Commissioners Office registration number is ZA090585.
Post Office Limited is authorised and regulated by Her Majesty's Revenue and Customs (HMRC), REF 12137104. Its Information
Commissioners Office registration number is 24866081.
Payzone Bill Payment Limited is a limited company registered in England and Wales under company number: 11310918.
VAT registration number GB 172 6705 02. Registered office: Finsbury Dials, 20 Finsbury Street, London, England EC2Y
9AQ
INTERNAL. Page 24 of 35 Investigations Policy 1.2 Nov 2020
POL00448352
POL00448352
SCHEDULE 1
Group Policy Owners
The table below sets out the Group Policies covering certain risk areas and the Policy Owners responsible for managing risk in those areas.
Where an individual has a concern about an issue arising in a particular risk area, they may make a report to the Group Policy Owner. Where there is no
Group Policy Owner or where an individual wishes to maintain anonymity and/or whistleblowing then they must refer the issue to the Group Legal Director
or Whistleblowing Officer as appropriate (except in the case of conflict, in which case with the Head of Internal Audit or Group People Director).
Group Policy Risk Area Policy Owner Escalation Details
1. I Conflicts of Interest Directors duties and conflicts arising from I Group Company Secretary Dedicated Mailbox]
Directors’ position
2. I Whistleblowing Not meeting regulatory requirements I Whistleblowing Officer histleblowing@postoffice.co.uk
regarding whistleblowing
3. I Contract Execution Policy Improperly obtaining authority for, and I Group Company Secretary Dedicated Mailbox]
undertaking, contract executions
4. I Modern Slavery Statement Not meeting requirements under Modern I [TBC] Dedicated Mailbox]
Slavery Act 2015
5. I Risk Appetite Statement Management of acceptable risk to POL Head of Risk Dedicated Mailbox]
6. I Risk Policy Management of acceptable risk to POL Head of Risk Dedicated Mailbox]
7. I Financial Crime Policy Prevention of Financial Crime such as I Director of Compliance Dedicated Mailbox]
bribery, fraud counterfeit payment etc.
8. I Anti-Money Laundering & I Enabling Money Laundering and Terrorist I Head of Financial Crime Dedicated Mailbox]
Counter Terrorism Funding I Financing, contrary to MLRO
Policy
9. I Vulnerable Customer Policy Improper support of vulnerable customers I Senior Risk Manager Dedicated Mailbox]
across POL network
INTERNAL Page 25 of 35 Investigations Policy 1.2 Nov 2020
10]
HMRC Fit & Proper Standards
Non-compliance with the Fit & Proper
standards set by the HMRC for Money
Service Businesses
Compliance Director
POL00448352
POL00448352
Dedicated Mailbox]
11] Anti-Bribery & Corruption I Receiving/offering Gifts/hospitality such that I Policy Owner, Director of [Dedicated Mailbox]
Policy (Including Gifts & I affects another’s actions/decisions Compliance
Hospitality)
12] Business Continuity I Improper maintenance/continuity of the I Business Continuity Manager [Dedicated Mailbox]
Management Policy business
13]
Change Management Policy
Improper governance/execution of change
risks
Chief Strategy &
Transformation Officer
Dedicated Mailbox]
14]
Investigations Policy
Improper conduct of investigations within
POL
Group Legal Director
Dedicated Mailbox]
15] Law Enforcement Agencies I Not complying with or supporting Law I General Counsel Dedicated Mailbox]
Policy Enforcement Agencies and prosecutors in
Criminal Investigations and prosecutions.
16] Freedom Of information Policy I Ensuring Fol requests are dealt with I Head of Information Rights Dedicated Mailbox]
appropriately
17] Protecting Personal Data Policy I Improper control and processing of personal I Data Protection Officer Dedicated Mailbox]
data
18] Document Retention Policy Not retaining relevant documents to comply I Chief Information Security [Dedicated Mailbox]
with archiving/other legal requirements Officer
19] Internal Audit Charter Policy. Ensuring an independent review function is I Head of Internal Audit Dedicated Mailbox]
. set up within POL
(tabled biannually)
20) Cyber & Information Security I Improper protection of information security I Head of IT Security Dedicated Mailbox]
Policy at POL
214] Procurement Policy POL undertaking Non-compliant I Procurement Director Dedicated Mailbox]
Procurement processes
INTERNAL Page 26 of 35 Investigations Policy 1.2 Nov 2020
POL00448352
POL00448352
22] Health & Safety Policy Health and Safety hazards within the I Head of Health & Safety Dedicated Mailbox]
workplace and branches
234] Physical Security Policy/Suite Damage/harm to POL equipment and I Head of Loss Prevention Dedicated Mailbox]
personnel
24] Conduct Code Procedure Employee conduct and behaviour not} Employee Relations and [Dedicated Mailbox]
meeting required standards Policy Director
25] Code of Business Standards Operation of POL in an unethical manner Employee Relations and [Dedicated Mailbox]
Policy Director
26] Equality Diversity & Inclusion I Not embedding equality, diversity and I Talent, Diversity and [Dedicated Mailbox]
Policy inclusion into POL's culture Inclusion Director
27] Post Office Treasury Policy Liquidity management, medium-long term I Treasurer Dedicated Mailbox]
funding and other investment risks
28] Employee Vetting I Employing an individual with no right to work I Group Chief People Officer Dedicated Mailbox]
Requirements Policy or criminal convictions
29.) Postmaster & Assistant Vetting I Appointing an agent with no right to work or I Group Chief People Officer [Dedicated Mailbox]
Requirements Policy criminal convictions
30,I Postmaster complaints Complaints from postmasters [TBC] [TBC]
INTERNAL Page 27 of 35 Investigations Policy 1.2 Nov 2020
POL00448352
POL00448352
SCHEDULE 2
Template Terms of Reference
COMMISIONING MANAGER’S TERMS OF REFERENCE FOR INVESTIGATOR
CONFIDENTIAL [AND LEGALLY PRIVILEGED DRAFT]
TERMS OF REFERENCE FOR INVESTIGATION REGARDING [details of issue]
[Insert name and job title]
[Insert name and job title]
[Insert others involved in the investigation, for example
People Team specialist assisting Investigator and any other
specialist advisors as relevant]
[Insert date]
[insert or N/A]
[insert or N/A]
[insert dates 2 weeks from date of terms of reference]
INTERNAL. Page 28 of 35 Investigations Policy 1.2 Nov 2020
POL00448352
POL00448352
1. Introduction
You are requested to act as Investigator to investigate [summarise issue].
You should carry out a proportionate investigation into the issues of concern outlined below and
produce a proportionate investigation report confirming the evidence, your conclusions and (if
applicable) recommendations in accordance with the Group's Investigation Policy.
[Use if applicable - [Insert name of People Team/Audit/Regulatory] will provide assistance and
advice in respect of the investigation.]
The investigation must be treated as confidential but may be discussed with me, the legal team and
any specialist support identified above. If during the investigation you consider that some other
specialist support not already identified is required, please discuss this with me.
As Commissioning Manager, I have received the information attached at Appendix A raising and
identifying the concerns.
[Use if applicable — As Commissioning Manager I have also carried out an initial assessment of the
issues of concern, my initial assessment is attached for your information at Appendix B. This is an
initial assessment and your investigation is not bound and should not be influenced by my initial
conclusions and your investigation must not be limited to this information alone.]
2. Issues to be investigated
You are requested to carry out a proportionate investigation into the following issues of concern:
[summarise in detail using separate bullet points each of the specific issues to be
investigated]
3. Special considerations
As Commissioning Manager, I have identified the following special considerations which apply to this
investigation and which you should ensure you consider when investigating. If you have questions or
concerns around these issues, you should raise these with me at the start of the investigation.
e [details of any regulatory issues]
« [details of any limitations on who can be made aware of the investigation]
e [details of any overlap with criminal proceedings and effect on cautions that may be needed]
e [anticipated need for legal advice on any aspects of the investigation]
e [need for any or all the investigation to be subject to legal privilege]
e [any special reputational concerns or sensitivities]
e [any other relevant special considerations]
You are responsible for taking any legal advice from the Legal Team where such a need is identified
(whether by you or me).
4. Relevant Policies
You should familiarise yourself with the Group Investigations Policy and adhere to the principles set
out therein when investigating this matter. If you are uncertain about any aspect of compliance with
this Policy, you should raise this with me.
INTERNAL. Page 29 of 35 Investigations Policy 1.2 Nov 2020
POL00448352
POL00448352
I also anticipate that the following Policies may be relevant to the issues you are being asked to
investigate. You should ensure that you have considered the relevant aspects of these Policies before
completing the investigation. If you become aware during the investigation that other relevant Policies
may apply, you should raise and discuss this with me.
Anticipated relevant Policies:
e [insert details]
5. Timescales
[The following timescales apply to this investigation:
e [Insert timescales under any Regulation or Group Policy]
OR
[Although there are no fixed timescales for the investigation, you must ensure that it is dealt with in a
timely manner.
You must report to me on the progress of the investigation within 2 weeks of receiving the Terms of
Reference and update at least monthly after that (although more frequently where appropriate). If
issues arise that lead to any delays, you are encouraged to raise and discuss with me to explore ways
they may be circumvented.]
Where practicable, you should keep me and key individuals updated with revised estimates for the
length of the investigation, particularly where key dates appear likely to slip.
6. Documents and evidence to be obtained
You are requested to obtain, review and consider all relevant documents to the above issues of
concern and to attach these as appendices to your investigation report.
You are requested to interview all relevant witnesses, produce statements for each witness signed
and again attach these as appendices to the final investigation report.
[If the Commissioning Manager has identified some witnesses that he / she requires to be
interviewed as part of the investigation or some documents that he / she requires to be
reviewed these should be listed here. Be advised that, in the case of matters that may later
become subject to a criminal or regulatory process, witnesses may need to be given certain
cautions before their evidence is taken. If in doubt, legal advice should be taken.]
7. Additional issues identified by the Investigator
These terms of reference are not fixed and may be amended by me (in discussion with you) as the
investigation develops. If the terms of reference do change, we will both need to give consideration as
to whether that requires any re-investigation of matters (e.g. re-interviewing witnesses that have
already been interviewed).
Should you identify additional issues of concern outside of the issues identified at section 2 above you
should inform me of these additional issues so that I can consider whether they should be included in
the investigation or potentially investigated separately.
INTERNAL. Page 30 of 35 Investigations Policy 1.2 Nov 2020
POL00448352
POL00448352
If you become aware of any challenges to or complaints about the investigation process (e.g. from
witnesses), you should raise these with me.
8. Conclusions and recommendations
You are requested to provide a written report setting out the evidence and your findings upon it.
[/f applicable — You are also required within your report to consider any recommendations based
upon your findings. You can discuss any proposed recommendations with me or with any others
supporting on the investigation to ensure they are practicable, but if any uncertainty about
practicability remains this should be recorded in the report.]
Once your draft report is concluded, you should send to me for review (marking it as strictly
confidential [and if applicable legally privileged]). We will determine together whether the report
covers all relevant points and/or whether any further investigation is needed and/or any
recommendations or next steps to be taken (including whether a report needs to be made to the ARC.
or RCC). Once we are both agreed upon the report, I will confirm that it is in final form.
You may be required to provide further support to complete the report (for example by presenting your
findings) once the investigation is concluded.
INTERNAL. Page 31 of 35 Investigations Policy 1.2 Nov 2020
SCHEDULE 3
POL00448352
POL00448352
POL Group Investigations Policy — Investigation Plan
Strictly Confidential [and Legally Privileged Draft]
Commissioning POL Manager
Investigator
Legal adviser
Type of event/suspicion
For instance: Incident, misconduct/Behaviour,
Breach of policy, Criminal — Theft, Bribery, Fraud
etc, Suspicion or concern, other
Name of person who reported the
event/suspicion, or how it became known
Investigation Subject Matter Details:
Date & Time of Incident:
Location of incident:
Date & Time of when Incident/Event/suspicion was
reported and to whom/how:
For instance
e Line Manager
e Grapevine
* SpeakUp
Subject Matter/Name of POL employee(s) to be
investigated:
Terms of reference - issues that need to be
investigated
Applicable POL Policy Relevant to matter
Provisional investigation time-frame
INTERNAL,
Page 32 of 35
[insert name, job title and department]
[insert name, job title and department]
[in the event that the event/suspicion requires
you to take legal advice document that fact and
identity of who was appointed to advise]
[provide brief details of the type of
event/suspicion that has been reported]
[insert date and time]
[provide details of specific location or description
given by reporter]
[Have Terms of Reference been completed by
Commissioning Manager? Paste here or append
a completed copy of the TOR to the investigation
plan)
For instance AML/Whistleblowing etc
If there is no applicable POL Group policy
setting out a prescribed investigation policy,
please specify that the Investigation Policy
applies.
[if the provisional investigation timeframe is
delayed or needs to be longer than 2 weeks
please specific the reasons for the delay or need
for more time.]
Investigations Policy 1.2 Nov 2020
POL00448352
POL00448352
[insert details of the location of documents and
data that needs to be collected and from where.]
[insert names, job title and department and
reasons for interviewing them]
[insert key findings, primary and underlying
causes]
YES/NO
Signed:... -
Commissioning Manager
[insert date]
GC YES/NO
RCC YES/NO
ARC YES/NO
INTERNAL Page 33 of 35 Investigations Policy 1.2 Nov 2020
POL00448352
POL00448352
Schedule 4
Management Information to be captured by Group Policy Owners for reporting purposes.
Table Heading Desc
This field is automatically populated when a date is entered correctly in
Complaint Log the "Date Referred" Column.
Ref
erence All documents relating to this entry should be saved with the reference in
its title, and stored where appropriate.
Date referred The date of the complaint received
Referred by The name of the team or individual referring the complaint of concern
Referral reference Any reference numbers assigned to the complaint by the referring team or
Select from the drop down menu the main area in which the complaint
Area of complaint falls under. If more than one, then add commentary of additional areas
in the "Nature of Complaint" column.
Select from the drop down menu the main area affected in which the
jr complaint falls under.
Business Area "
athented If more than one, then add commentary of additional areas in the "Nature
of Complaint” column.
Select from the drop down who reported the allegations or concern e.g.
Reporter Type Internal Audit, Employee, Postmaster, Anonymous
Subject Type Select from the drop down who the reports relates to e.g. Employee,
Postmaster, Post Office Ltd
Location or Branch Add the name of the branch, CViT depot or head office location if detailed
(is applicable) in the report and/or applicable
Nature of Free format text to provide a high level summary of the nature of the
complaint complaint
Complaint referred Names of any individual(s) or team(s) that the complaint is referred to by
to the Whistleblowing Officer for further action
Action/Investigatio
n Summary A high level summary of actions or investigation to be undertaken.
A follow up date for the Whistleblowing Officer to review progress of the
i allied complaint and any investigation
Follow Up Free format text to provide a high level summary of the progress being
Summary made and concluding results
Status (Open or
Closed)
Date closed The date of the complaint closed by the Policy Owner
Have any of the allegations raised been confirmed during the
investigation, enter either Yes or No A
Whether upheld or not upheld
Drop down menu, Open or Closed
Evidence Found
Upheld or not
upheld?
Action Taken Has any action been taken to address any concerns identified during the
investigation? Enter either Yes or No
INTERNAL. Page 34 of 35 Investigations Policy 1.2 Nov 2020
POL00448352
POL00448352
Schedule 5 — Suggested text to acknowledge receipt of a reported concern
Dear Sir or Madam
Thank you for raising your concern. This is extremely important to us.
We are currently establishing the most appropriate course of action.
If you have any questions or concerns in the meantime, including about how this matter will be
handled and by whom, or about any particular urgency, please do not hesitate to contact [point of
contact or escalation]
Please note that while all reports are taken very seriously, in some cases we are not obliged to share
information in relation to outcomes of investigations.
INTERNAL. Page 35 of 35 Investigations Policy 1.2 Nov 2020