UKGI00048173 - UKGI Preliminary Internal Review Into The Post Office and The Horizon IT System

UKGI00048173

Draft Dated 28th June 2021

Confidential and Legally Privileged — do not disclose outside UKGI without consulting the UKGI
Legal Team

UKGI PRELIMINARY INTERNAL REVIEW INTO THE POST OFFICE AND THE
HORIZON IT SYSTEM

1. INTRODUCTION
Purpose and Scope

1.1. The purpose of this document is to provide a preliminary view of the key facts relating to the
involvement of the Shareholder Executive (“ShEx”) and UK Government Investments Limited (“UKGI”) in
matters relating to the Post Office Limited’s (“POL”) Horizon IT system (“Horizon”), and, in particular, the
events leading to the commencement of the sub-postmasters (“SPMRs”) litigation which was settled in
December 2019 (Section 2). This report does not currently cover POL or ShEx/UKGI’s knowledge of
Horizon related convictions. Following the Inquiry’s conversion from a non-statutory process to a
statutory footing on 1 July 2021 and the associated update to its Terms of Reference¹, subsequent
versions of this report will seek to understand UKGI’s knowledge of the criminal prosecutions of the
SPMRs. UKGI Legal will not be in position to provide further detail on the issue of criminal convictions
until it has completed a detailed disclosure exercise of the relevant historical records. The reader should
also be aware:

a. The review has been completed at a high level and has not included an exhaustive search
of relevant material at this stage or formal interviews with relevant staff (although some
engagement from UKGI staff has been undertaken as part of drafting this report). The
summary of key facts and events will be subject to a degree of evolution as UKGI
establishes a more detailed and thorough understanding of the relevant facts; and

b. A principal aim of this review is to form a preliminary view on what lessons can be learned
to better inform the performance of UKGI’s shareholder role in the future. This includes
providing initial observations on how the lessons learned following our internal review of
our Magnox role (in late 2017) were adopted. As UKGI’s understanding of the relevant facts
evolves as a result of its engagement with the Post Office Horizon IT inquiry, we envisage
that further refinement and additions to these lessons will be required. UKGI Legal will
work closely with the UKGI Portfolio team to determine how best to disseminate any final
lessons across UKGI shareholder teams and the wider portfolio.

1.2. This review was commissioned by the board of directors of UKGI (the “UKGI Board”).

1.3. Some information in this review has been drawn from legal advice that POL has received, in
particular following investigations and reviews conducted by POL’s external barristers. These pieces of
advice have been shared with UKGI under the terms of a protocol agreed with POL which expressly
preserves POL’s Legal Professional Privilege in, and the confidentiality of, this information.

1.4. This preliminary report is intended for use only by UKGI.

1 https://www.gov.uk/government/publications/post-office-horizon-it-inquiry-2020/terms-of-reference

2. BACKGROUND TO THE POST OFFICE, HORIZON IT SYSTEM AND THE DISPUTE
WITH SUB-POSTMASTERS

2.1. A timeline of the key events listed below has been included at Annex 1.

The Post Office - recent ownership and status as a Public Corporation

2.2. POL is a Public Corporation² and has operated as a company independent from Royal Mail since
1st April 2012. POL is wholly owned by the Secretary of State for Business, Energy and Industrial Strategy
(“BEIS”) (the "Secretary of State"): given POL’s size and commercial nature, the Secretary of State
through BEIS delegated its role as shareholder in POL to ShEx (which was then transferred to UKGI, see
paragraph [2.7] below). The prevailing culture within the Royal Mail Group, which was partly inherited
by the incoming POL leadership team, was one of fierce independence. For example, basic information
was often difficult to access. It was in this context that ShEx began to perform a shareholder role and
embed a Shareholder NED position in 2012.

2.3. As a Public Corporation, POL is designed and intended to operate at a distance from Ministers
and government: Public Corporations should have appropriate levels of freedom to exercise commercial
judgement, within appropriate governance arrangements that protect the relevant departments.³ While
the board of directors of POL (the “POL Board”) is accountable to (and in certain matters, requires the
consent of) the Secretary of State for the performance of POL, it is solely the POL Board that has
responsibility for and control over, the day-to-day operations and management of POL.

2.4. There is no single, agreed definition as to what effective oversight of a public corporation
entails. Therefore, in determining the appropriate level of oversight and control to be exercised over
POL, government must take into account the fact that POL has been constituted with an independent
board and expert management team. While BEIS places a number of policy requirements on POL and
has certain rights and controls as shareholder and as lender under various funding documents⁴, the
governance in place seeks to preserve POL's independence as far as possible. Government also requires
POL to create and manage its own corporate processes and ensure good corporate governance.⁵ The
degree of control and oversight that government has over a Public Corporation should be both
reasonable and proportionate to the Public Corporation's functions and risk profile. Accordingly, what is
appropriate in terms of oversight is subject to change; as POL's risk profile has increased so too has the
degree of oversight exercised by government.

2.5. In the period immediately following POL’s separation from Royal Mail [up to 2016-17], the
company’s priorities were many, varied and in some cases, existential, including: securing sufficient
funding to deliver both policy priorities and commercial services (including government services) aiming
for financial self-sufficiency in the medium term; dealing with a substantial pensions deficit; and leading
what can effectively be described as the UK’s largest ever retail transformation across its network. This
alongside defining and embedding a new operating model (including through the newly established
board). Whilst Horizon was undoubtedly a known issue, the above were seen as more significant threats
in the context of business that was substantially loss-making.

2 POL is classified as a Public Non-Financial Corporation ("Public Corporation") by the Office for National Statistics.

3 See for reference, Chapter 11 of HM Treasury’s Consolidated Budgeting Guidance 2020-21:
https://assets.publishing.service.gov.uk/government/uploads/system/uploads/attachment_data/file/876155/CBG_for_publication.pdf

4 Since 2007, a Funding Agreement and Entrustment Letter between BEIS and POL has been in place (as amended from time
to time), which imposes conditions and restrictions on the funding provided by BEIS (in essence, these agreements set out
BEIS's policy objectives and expectations from POL). Since 2003, a Working Capital Facility between BEIS and POL has been in
place (as amended from time to time), whereby POL can access funds for working capital purposes, which imposes certain
contractual restrictions/undertakings on POL (for example the incurring of additional debt).

5 Reference to Accountable Person appointment letter to be included.

2.6. In line with its adoption of the UK’s Corporate Governance Code (from POL’s inception), POL’s
board underwent regular board effectiveness reviews. Whilst not occurring on an annual basis, a review
of the board’s effectiveness took place in summer 2013 (conducted internally, likely by the Chair), in
March 2015 (conducted by the Chair with a written report shared with the full board), between
November 2016 and January 2017 (conducted externally) and in December 2018 (conducted by the SID
which also covered board sub-committees). Whilst board members consistently highlighted issues with
the quality and density of board papers, there is only a single reference in the materials we have been
able to discover to there being any tension between the challenge posed by non-executives to the
management team, where this was felt to be intrusive (March 2015) and no references to the POL Board
being focused on the ‘wrong’ issues.⁶

ShEx and UKGI involvement

2.7. ShEx was originally established in September 2003 as part of the Cabinet Office and with its own
advisory board (as was the custom for Executive units created at that time)⁷ and, since its establishment,
has played a role both in relation to Royal Mail and POL. In 2004, ShEx transferred to the then
Department of Trade and Industry (BEIS’s predecessor organisation) retaining a role for its advisory
board as part of the transfer, where it remained until 2016. In April 2016, ShEx’s functions were
transferred alongside UK Financial Investments Limited (a Government company 100% owned by HMT)
to create UKGI in the form it exists today.

2.8. Alongside the evolution of the shareholder role (set out in paragraphs 2.11 to 2.20 below), ShEx
and UKGI’s oversight also evolved over the same period: from 2009, its operations were overseen by an
advisory board alongside internal processes to peer review ALB performance [and governance] and
simple risk reporting. The UKGI Board (which became fiduciary upon the creation of UKGI in 2016),
additionally led an enhanced focus on risk management. Specifically:

a. UKGI’s internal processes of risk management became more rigorous underpinned by a
clear methodology, and also subject to senior and peer review;

b. Risk register discussions became standing items at each board meeting: where significant
risks are highlighted in the overall risk register, these form bespoke discussion papers for
the Board to consider;

c. A new risk category (‘purple projects’) to capture [ad hoc] project work was introduced in
mid-2020;

d. Portfolio reviews, routinely used as a form of peer review, gained a more precise structure
and role reporting to a Portfolio Director;

e. Creating and implementing a standardised model for the shareholder role; and

f. Improved practitioner knowledge and training in corporate governance underpinned by a
structured training programme.

2.9. Prior to 2012, during the period in which POL was a subsidiary of Royal Mail Group, there was a
team within ShEx which had responsibility for oversight of the Post Office functions and policy
responsibility for POL (including supporting departmental ministers in Parliamentary or other
stakeholder engagement). This team reported, alongside a similar team focused on the performance of
Royal Mail, to a Director within ShEx responsible for the oversight of Royal Mail Group as a whole. The
role performed by the shareholder team pre-2012 was not, in many ways, fundamentally different to
the role that the shareholder team perform today insofar as reviewing financial and performance
reports, reporting on risk and securing sufficient government funding to deliver the department's policy
objectives. However, the context within which the shareholder team was operating was different and
informed the way in which the shareholder team performed their role; in particular:

6 POL Board minutes of 29 October 2014; 25 March 2015; 24 November 2016; 31 January 2017 and 29 January 2019.
7 See also the Better Regulation Executive

a. in terms of governance, government relied on its rights as shareholder of a special share in
Royal Mail Holdings, which afforded government: (i) consent rights over certain actions of
Royal Mail Holdings (including in relation to POL) and (ii) as set out in POL's articles, the
ability to request information from POL (and released POL directors from obligations of
confidentiality in sharing any such information with government);

b. [Drafting Note: additional context and description of the shareholder role between 2004 -
2012 to be included following interviews with relevant staff and further examination of
documents]; and

c. POL, prior to 2012, was not an independent company but a subsidiary of the Royal Mail
Group: there was no board of the Post Office (a POL representative sat on the board of
Royal Mail Holdings) and HMG did not hold a board position on Royal Mail Holdings. As
such, the shareholder team had limited visibility and relied solely on information provided
to them (in accordance with POL's Articles) in the context of the various regularised
meetings with the Post Office. For example, the shareholder team met the POL senior
management team on a monthly basis to discuss POL’s performance and on a quarterly
basis, to discuss more strategic and/or long-term matters.⁸

2.10. As best as we have been able to determine to date, the pre-2012 POL team focused on funding
agreements, network transformation, industrial action (including taking forward relevant policy
processes), but did not focus on broader governance issues as the shareholder team does now,
particularly as HMG did not hold a board position on Royal Mail or POL at this time. In sum, given the
overall focus of ShEx at the time, it appears that the POL team would most likely have been focused on
commercial and financial performance of the business within the Royal Mail Group.⁹

ShEx/UKGI role post-2012: An overview

2.11. In order to understand the role of UKGI with respect to POL from 2012 onwards, we think it is
useful to first remind the reader of the role performed currently. Today, the shareholder role that UKGI
performs with respect to POL is characterised by:

a. a senior UKGI employee being both (A) the shareholder representative NED on the POL
Board ("Shareholder NED") and (B) head of the UKGI shareholder team ("Shareholder
Team"), ensuring a high level of visibility on POL Board matters for the Shareholder Team
and creating a direct connection between the Shareholder NED and Shareholder Team;

b. Shareholder Team focused purely on commercial and governance matters, with a
dedicated BEIS Policy Team taking the lead on policy;

c. documented governance arrangements, between (A) BEIS and UKGI, through a
Memorandum of Understanding ("BEIS-UKGI MoU") and (B) BEIS, UKGI and POL, through
the 2020 Framework Document, that sets out key agreed principles of the relationships
between stakeholders; and

8 Recollections of Will Gibson, ED within the shareholder team 2012.
9 See NAO Report into ShEx performance https://www.nao.org.uk/report/the-shareholder-executive-and-public-sector-businesses/

d. established corporate reporting procedures, through regular UKGI portfolio reviews, which
challenge the Shareholder Team on key issues, and risk registers, both with UKGI Board
oversight.

2.12. Certain elements of the shareholder role set out above have been consistent features
throughout the period from 2012. For example, a Shareholder NED being on the POL Board, the
existence of a dedicated Shareholder Team within ShEx/UKGI and formalised meetings, such as a
quarterly shareholding meeting, together with informal information flows between the Shareholder
Team and POL.

2.13. Notwithstanding these consistencies, the way in which the shareholder role has been
performed by ShEx/UKGI has evolved over the past nine years. For example:

i. From 2012-2016, the Shareholder Team operated within the Department for Business,
Innovation & Skills (“BIS”) and within the objectives of ShEx, which were more heavily
weighted to a corporate finance focus, partly in reflection of the purpose of ShEx’s
creation;¹⁰

ii. Specifically, in relation to POL, ShEx’s focus was on the commercial and financial
sustainability of the business which presented more existential challenges, although
governance was a feature of the shareholder model (alongside a policy function);

iii. From 2014-present, the Shareholder NED on the POL Board was also the head of the
Shareholder Team; the lack of this link before this period, informed the level of information
received prior to 2014;

iv. From 2016 onwards, ShEx and the Shareholder Team moved from being part of BEIS to
UKGI, a company with an independent board and separate responsibility for asset risk
oversight; as such, the approach to portfolio reviews and monitoring risk developed
significantly from 2016 onwards; and

v. From 2018, the governance and oversight of POL was further codified and enhanced in
response to the GLO and other challenges facing POL.

2.14. The key differences and developments in each of the periods 2012-2014, 2014-2018 and 2018-
present are summarised below.

Shareholder Role: 2012-2014

2.15. In terms of the landscape in 2012, ShEx had responsibility for both the shareholder role and
policy role. Prior to the BEIS-UKGI MoU being agreed in 2016, there was no formal description of
ShEx/UKGI's role. As civil servants embedded in the shareholding department, it would not have been
unusual for there to be no specific description of the role ShEx undertook.¹¹ The governance levers
available to UKGI as shareholder representative were set out in POL's articles of association (“Articles”)
which set out the rights attached to HMG's shareholding, including for example, a detailed list of
reserved matters for the POL Board and other documents such as the Funding Agreement and
Entrustment Letter.¹²

10 See for example, ShEx Annual Review 2012-13

ts. publishing. service.gov.uk/government/uploads/system/uploads,
shareholder-executive-annual-review-2012-13.pdf and ShEx Annual Review 2013-14

https://assets.publishing.service.gov.uk/government/uploads/system/uploads/attachment_data/file/368125/bis-14-405-shareholder-executive-annual-review-2013-14.pdf

11 In contrast, ShEx would have put in place MoUs or equivalent where it provided services for other government
departments.

12 For example, the 2013 Articles stipulated BEIS consent was required in respect of: the alteration of Articles; voluntary
winding up/administration; issue or redemption of shares; payment of dividends and distributions; appointment,
reappointment or removal of directors; adoption of Strategic Plan; alteration to the nature of the business; disposal of
material assets; entry into significant transactions; approval or variation of director remuneration and terms of

it_data/file/26059:


2.16. In April 2012, the first Shareholder NED, Susannah Storey, was appointed to the POL Board (and
in contrast to the position today, was not on the Audit & Risk or Remuneration Committees). Unlike the
subsequent Shareholder NEDs (from 2014 onwards), Susannah was, by design, not part of the
Shareholder Team¹³: at the time of appointment in 2012, the Shareholder Team was in the process of
negotiating the Funding Agreement with POL and we understand that there was, therefore, resistance
from POL to having a member of that Shareholder Team also sitting on the POL Board (where POL's
approach to those negotiations would be discussed). This meant that the Shareholder NED, while a
representative of ShEx and performing a key role in terms of bringing government experience and
perspective to the POL Board, was purposely detached from the Shareholder Team; a clear illustration of
this being the fact that Board papers received by the Shareholder NED would not be shared with
colleagues in ShEx.¹⁴

2.17. While the Shareholder NED did meet regularly with the head of the Shareholder Team, which
allowed for an informal information flow from the POL Board (and vice versa), there was not the same
level and regularity of interaction and visibility as there is today (for example, in terms of receiving POL
Board packs and having regular conversations with the Shareholder NED). Risk registers produced at the
time (usually in a simple tabular form per asset, consolidated for the board), list out the risks facing the
business (rather than as today, focusing on the risks to UKGI). The ShEx team also reported to BEIS [via a
centralised process] in relation to POL funding and budget only.¹⁵

2.18. Similarly to today, there was a regular information flow from POL into the Shareholder Team:
both through information linked to regular meetings that took place (such as monthly financial packs
and quarterly shareholder meeting packs, which provided information with respect to commercial
initiatives at POL) and through consistent interaction between POL and the Shareholder Team directly.
However, with limited eyes on the POL Board, the Shareholder Team relied largely on information and
assurances that POL provided, without the same opportunity to challenge information as is afforded the
Shareholder Team today.

Shareholder Role: 2014-2018

2.19. In March 2014, a new Shareholder NED, Richard Callard, was appointed. He was, in line with
UKGI's current practice, also head of the Shareholder Team and also sat on the Sparrow SubCo (defined
below) (from March 2014), Pensions Sub-Committee (from October 2014) and the Audit and Risk
Committee (from January 2016) [Drafting Note: exact date to be confirmed once historic ShEx records
have been examined]. This provided the Shareholder Team with greater information flow and visibility.
From 2014 onwards the Shareholder Team started to receive full POL Board packs and were more
frequently sighted on POL Board-level decision-making.

2.20. During this period the Shareholder NED and Team were made aware of various independent
reviews commissioned by POL which seemingly corroborated POL’s characterisation of the allegations in
relation to Horizon (see below on Second Sight Interim and Final Reports, Deloitte report and the Parker
review). In the main, these reports were briefed to Ministers, including where UKGI had asked for
additional assurances from POL. UKGI’s challenge to POL was also detailed in briefing to incoming
Ministers at various points¹⁶.

employment/engagement; or borrowing over certain limits or from non-HMG sources. In 2020 new Articles were adopted
which enhanced BEIS' consent rights, including expanding the scope to apply to all companies in the POL group and including,
for example, greater HMG control on any proposed dividend distribution and on POL’s external borrowing.

13 While Susannah was a ShEx employee, Susannah was on maternity leave from ShEx at the time of appointment (and
following such leave, Susannah moved roles to the Department for Energy and Climate Change).

14 A POL Board minute dated 23 May 2012 refers to Susannah's appointment being as a representative of ShEx, but that
“…Board papers would not be shared with colleagues in ShEx”.

15 Recollection of Will Gibson, ED within the POL shareholder team 2012

16 For example, to Baroness Neville Rolfe in July 2015 and Margot James in August 2016

Shareholder Role: 2018-present

2.21. In March 2018, Tom Cooper, the current Shareholder NED, was appointed to the POL Board and
also sits on the Remuneration and Audit and Risk Committees. From 2018-2020 he also sat on the Group
Litigation Sub-Committee, set up to manage the GLO and settlement. In addition to the more
established features of the UKGI shareholder model, the period from 2018 onwards is characterised by
enhanced governance measures being put in place to allow UKGI a greater level of oversight and
monitoring over POL, largely (but not wholly) in response to the GLO and other issues facing POL. The
key developments from 2018 to the model now in place were as follows:

a. Codifying and Documenting Governance Arrangements: a number of steps have been
taken to document and clarify the roles of each of BEIS, POL and UKGI: (i) the BEIS-UKGI
MoU was updated in 2019 and sets out the principles of the relationship between UKGI and
BEIS at a high-level; (ii) the introduction of a Framework Document in March 2020, which
sets out the governance interactions, roles and responsibilities between BEIS, POL and
UKGI; and (iii) new Articles were adopted by POL in 2020, including enhanced shareholder
consent rights for BEIS;

b. Increasing Interactions with POL: a broader range of meetings being put in place with POL,
to ensure a regular dialogue between UKGI and BEIS (both formally and informally) and to
enable issues to be discussed and brought to the attention of UKGI;

c. Separating the Policy Function: the BEIS Policy Team was established in August 2018 (i) to,
in line with the best practice model for other BEIS-owned ALBs, separate the policy and
shareholder functions and (ii) as a consequence of the increased volume and complexity of
policy-related interactions between POL and BEIS, including (but not only), due to the issues
relating to Horizon: the BEIS Policy Team works closely with the Shareholder Team in
holding POL to account at official level;¹⁷

d. Enhancing the Risk Framework: the Shareholder Team (i) engages with the standardised
quarterly UKGI portfolio review process and regularly asks for special ad hoc meetings on
which to receive constructive challenge from UKGI colleagues on specific issues; (ii) through
completion of the UKGI POL risk register, captures key risks faced by POL in the lens of their
potential impact to both the company as well as to UKGI/BEIS; and (iii) reports key risks to
BEIS through completing the ORB (Online Reporting in BEIS) on a quarterly basis; and

e. Developing the Corporate Culture: UKGI, BEIS and POL have increased the dialogue around
changing POL's corporate culture and in particular, resetting the relationship between POL
and SPMRs (including, for example, through POL's initiative to appoint two SPMRs to the
POL Board and review of its engagement model to deal with SPMRs).

Horizon and risk reporting

2.22. As is the case for the shareholder role, risk reporting, both internal to ShEx/UKGI and to the
Department, has evolved over time:

a. Pre-2012: From what we have been able to gather, ShEx performed annual and interim
investment reviews for assets in its portfolio, with the processes around these
strengthened in 2011-12 for "core assets" (of which POL was one); a new approach to the
"Portfolio Unit" was for "detailed annual investment reviews with...better definition of the
risks...for the company" and quarterly updates.¹⁸ These Investment Reviews also involved

17 Broadly, the policy function is responsible for identifying the desired policy outcomes which POL is required to deliver; this
is consistent with the wider government policy framework, delivers more government control over the policy agenda and
better enables government to respond to parliamentary scrutiny and reporting requirements. The shareholder function, on
the other hand, focuses on how POL is being managed, its capability and its organisational performance to deliver BEIS’s
policy objectives.

18 Paper presented to 5 May 2011 ShEx Board, entitled "Portfolio Unit Development".

shareholder teams preparing a "traffic light analysis" for the annual and quarterly
reviews.¹⁹

b. 2012-2014: The approach to risk reporting and management was set and administered
centrally by BIS with ShEx officials reporting through line management chains ultimately up
to the Permanent Secretary. While there were processes for reporting risk into BIS at a high-
level and flagging areas of concern on an ad hoc basis, there were no detailed "risk
registers" in the form we have today. At the time, the key "risks" highlighted to BIS from a
ShEx perspective were, in line with ShEx's objectives²⁰, largely commercial in nature; for
example, relating to the separation of POL from Royal Mail, the negotiation of the POL
funding agreement and other funding issues facing POL. Similarly, while ShEx did carry out
portfolio reviews, they were not as rigorous as those that exist today and often focused on
the commercial/financial performance of the asset.²¹

c. 2014-2016: Regular and formalised risk reporting developed over this period: From May
2014, a standardised way of reporting risk across ShEx assets was established and risk
registers (made up of three elements: overall ratings, heatmap and individual risks) were
completed and updated monthly. These, however, were often variably completed by
shareholder teams and often captured asset risks rather than risks to UKGI. Portfolio
reviews, compared to their format today, were not as rigorous or involved, with content
largely determined by each shareholder team, but there were principles in place that
generated the traffic lights analysis of risk that is the basis of UKGI's current model.

Horizon risk reporting: From the point at which the first of these new form risk registers
was completed for POL in June 2014, to the present, the register consistently includes a risk
relating to Horizon: the Horizon risk relative to the other risks attached to POL however, has
fluctuated over this period significantly. For example:

• in June 2014 the key risks related to the renegotiation of the Mails contract with
Royal Mail (which had implications for the long term sustainability of POL), risks
relating to key revenue streams for POL (such as support from Government Digital
Services (to support POL playing a role in providing Government with digital
services) and retaining the Post Office Card Accounts contract with DWP) and work
relating to Government's commitment in 2010 to mutualise POL. Of the 15 risks
identified, issues with Horizon was number 13 and the risk was characterised as a
“reputational and brand risk due to perception that POL has not supported
postmasters, with accusation from JFSA that the process was flawed and not
sufficiently transparent"; the risk register notes that the July 2013 interim report
“found no systemic issues with [Horizon]";

• while risk registers noted developments, for example in January 2015 that "JFSA are
increasing the profile of this issue...Ministers broadly agree to maintain that the
issues should remain independent of Government", it was not until March 2015
(when there was "increased attack from JFSA and MPs since POL announced closure
of the Working Group") that the risk relating to Horizon issues started to be
characterised as higher (in the top ten risks) and at that time there were significant
other key risks including the Mails contract, issues around POL's pension scheme

19 Update to 7 March 2012 ShEx Board, entitled "Portfolio Unit Development: Investment Reviews".

20 ShEx's objectives, as set out in its 2004-05 to 2006-07 Corporate Plan, were: (i) to ensure each business delivers sustained
positive returns, and returns its cost of capital within the policy parameters set by Government; (ii) to increase by £1 billion
the value of a portfolio of six target businesses owned by Government, within a framework of clearly defined policy,
customer and regulatory objectives; (iii) to provide corporate finance expertise within Government; and (iv) to achieve a
progressive return to dividend paying.

21 See for example, quarterly portfolio reviews of September 2012, September 2013 and the annual review of April 2016.

and delivery of the Network Transformation programme that were also being
monitored by the ShEx team. From June 2015, the risk registers included Horizon as
a top 5 risk and started to go beyond simply brand/reputational risk and address the
risk of Government being "drawn closer into the scheme", the potential for "costs to
spiral out of control, particularly if legal action is taken"; and

• from July 2015 — May 2016, the risk register changed very little in relation to
Horizon: it was rated high risk and characterised as an "increasingly orchestrated
campaign against POL...we are keeping close to POL and managing Ministers’
involvement, with the intention of keeping the issue independent of Government",
with the key actions being to "Ensure POL are proactively managing interest and
noise...Manage interest and wobbles from Ministers or the centre, including
preparing fall back options if current arms-length position becomes untenable."

d. 2016-2018: Post 2016, when ShEx transferred to UKGI, the approach to departmental risk
reporting changed (as UKGI was then reporting into BIS, as opposed to risk reporting within
ShEx) and the previous risk processes in place were strengthened further; namely (a)
tailoring the BIS risk rating guidance to UKGI (b) establishing training for risk register
owners and reviewers and (c) introducing periodic audits of the risk registers to review
adherence to the guidance.²²

Horizon risk reporting: Following proceedings being lodged in May 2016 until April 2018,
the rating for Horizon remained static, noting the risk that there was "potential for
significant compensation claims if civil or criminal courts rule against POL. More likely
however, and certainly in the short term, is that this continues to be a significant
distraction (and cost) to the business as they defend their actions" but that "this is a legal
matter distinct from Government".

Horizon IT System

2.23. Horizon is the Post Office accounting system, which processes and stores data relating to each
transaction made in all POL branches. The term Horizon is used to refer to the software, hardware,
central data centres and testing and training systems connected to this system.

2.24. Horizon was provided to POL under a contract with Fujitsu Services Limited (“Fujitsu”), formerly
ICL, awarded in 1996. The initial Horizon system was rolled out to branches between 1999 and 2002,
with branches migrating to an updated system known as Horizon Online (or HNG-X) over the course of
2010. The key distinction between these systems was that the original system processed and stored
data on a designated, master terminal in each branch, which was then transmitted to a central POL data
centre in batches; whereas Horizon Online required a constant secure connection to communicate
directly with the data centre on a transaction by transaction basis.

2.25. SPMRs were trained to use the Horizon system through a combination of classroom training, on-
site training and balancing support (i.e. assistance with balancing at the end of a trading day). This
training was voluntary (and certain SPMRs may have chosen not to receive such training) and SPMRs
were responsible for training their own staff and requesting further training if needed. As well as initial
training, POL also provided an ongoing support network through telephone helplines and branch visits
by advisors.

Prosecutions Policy

²² April 2016 Paper to the UKGI Audit and Risk Committee, entitled "Summary of Risk reporting process for UKGI"

2.26. Prosecutions [of employees] were a feature of company operations of the Royal Mail Group
(“RMG”) as POL’s parent company, and of POL itself. RMG appears to have conducted such prosecutions
privately, relying on conformity with the Prosecutors Convention²³, rather than proceeding through the
Crown Prosecution Service.

2.27. As far as we can determine, the majority of prosecutions of SPMRs where Horizon issues were
the alleged cause of any discrepancy, occurred between [2000 — 2013] when POL was a subsidiary of the
RMG. We note the following:

i. Prior to 2004, UKGI/ShEx had no visibility of any activities of either RMG or POL;

ii. Between 2004 - 2012, based on our understanding of the shareholder role, ShEx would
have been receiving both RMG and POL performance and financial information, but did not
have any visibility of matters discussed at the RMG board; [Drafting Note: a more detailed
understanding of the material seen by the relevant shareholder teams from 2004 - 2012 is
dependent on accessing historic BEIS records. This section to be adjusted once records
have been analysed]

iii. Between 2012 — 2014, whilst a shareholder NED was appointed to the POL board,
UKGI/ShEx team members did not have access from POL to board papers and POL
were reluctant to share this information with the shareholder. We understand that a
Memorandum of Understanding was put in place between the ShEx shareholder team and
the NED to facilitate high-level information sharing, but we have not yet located this
document.

2.28. Whilst monitoring the application of prosecutions policy could be considered to be the
responsibility of the POL management team, we can see that a Prosecutions policy was presented to the
newly formed POL board in [2012 — pre the shareholder NED being appointed, and again in 2014]. The
POL board also received a regular ‘Significant Litigation’ update as part of each board pack which
contained, amongst details of contractual disputes, an outline of the top ten individual prosecutions that
POL was involved with, and their status. Such reports pre-date the appointment of the ShEx/UKGI
Shareholder NED and could therefore have been something that was produced and made available to
the POL management team prior to the separation from RMG. [Drafting Note: we intend to explore this
point more fully once we can access the historic ShEx RMG and POL records from the BEIS archive].

Dispute with Postmasters

2.29. The complaints and allegations made publicly and to POL about the Horizon system and
associated issues commenced in earnest in 2009 with the establishment of the Justice for SPMRs
alliance (“JFSA”). The core of those complaints has always been that various SPMRs have been the
subject of criminal prosecution, civil recovery and/or contract termination in respect of accounting
discrepancies for which the SPMRs say they were not responsible. Instead, the SPMRs claim that Horizon
is responsible.

2.30. During the course of 2010-12 pressure built on POL and government to take action in relation to
purported errors with Horizon. This included:

a. An increasing volume of correspondence between the JFSA, Ministers²⁴ and Members of
Parliament about their concerns, garnering support from MPs acting on behalf of affected
constituents (c. 20 MPs had constituency cases by mid-2012);

²³ Last updated in 2012, BEIS and DWP as the historic sponsoring departments for RM Group are both signatories

²⁴ The Shareholder Team produced advice, draft replies and briefing packs in support of each piece of correspondence from
the JFSA to each successive Post Office Minister. The team also supported several debates in Parliament where the Minister
provided positive statements that there were no systemic issues with the operation of Horizon. These briefs relied on
assurances and information provided by POL.

b. Press coverage from the BBC’s ‘Inside Out’ programme and articles in Private Eye;

c. In July/August 2011, Shoosmiths, acting on behalf of 5 claimants issued Letters before
Action supported by the JFSA increasing the pressure on government to commission an
independent review into the reliability and integrity of the Horizon system;

d. From late 2011 to May 2012 James Arbuthnot MP pursued the allegations made by the
JFSA and individual SPMRs with the Post Office Minister and with POL on behalf of several
MPs with affected constituents; and

e. Separately, Shoosmiths sent written evidence to the Parliamentary Select Committee for
Business & Skills (“BISCOMM”) on behalf of more than 100 SPMRs.

This pressure culminated in a meeting with POL’s CEO and James Arbuthnot MP in May 2012 (also
attended by Oliver Letwin MP) where James Arbuthnot MP agreed to be a focal point for all MPs, and
facilitate another meeting with other MPs who also had cases in their constituencies. At this same
meeting, POL agreed to use a forensic accountant to “investigate the system and give further comfort to
those concerned about these cases”.²⁵ Second Sight Support Services Limited (“Second Sight”) were
appointed by POL to conduct the investigation. Second Sight were a relatively small Accountancy firm
and it is not clear why POL chose them to undertake such a large and prominent piece of work or
whether they had sufficient expertise in this area.

2.31. The remit of their investigation was to “consider and to advise on whether there are any
systemic issues and/or concerns with the ‘Horizon’ system, including training and support processes,
giving evidence and reasons for the conclusions reached”. Second Sight’s investigation process had
several strands allowing affected SPMRs to be referred to the process via MPs, the JFSA or direct to
Second Sight. In total, 47 cases were referred into this process.²⁶

2.32. Whilst ShEx/UKGI and the Department were aware of Second Sight’s appointment, the ongoing
correspondence with the JFSA and MPs, and Second Sight’s scope of work in general terms²⁷, it is not
clear what specific reporting may have been requested by, or provided to, ShEx/UKGI/BEIS during this
time period specifically focused on Horizon.

Pre-Mediation & Second Sight’s Report

2.33. Second Sight conducted their research between June 2012 and mid-2013 and provided an
interim report in early July 2013 which was published by POL. The POL Board appears to have been
briefed on the contents of the interim report as part of a board conference call arranged at short notice
on 1 July 2013. It is not clear, however, whether the full version of the interim report was shared with
Board members in advance of the call.²⁸ The Shareholder Team had sight of the interim report and used
its contents to support BIS Ministers in a Parliamentary debate on 9 July where the Minister made the
following statement which was the core finding of the investigation: “[Second Sight] have so far found
no evidence of system wide (systemic) problems with the Horizon software”. However, it is not clear
whether any detailed briefing was provided to Ministers specifically dealing with Second Sight’s report
prior to the statement made on 9 July 2013.

2.34. Second Sight’s report was welcomed by POL, who in response to other criticism made in the
report concerning business process, culture and training, established an independent working group
(the “Working Group”)²⁹ to complete the review of cases raised with Second Sight, agreed to appoint an

²⁵ POL Board minutes of 23 May 2012 (paragraph POLB12/69 (b)).

²⁶ The deadline for the submission of cases and issues for the consideration of Second Sight was 28 February 2013. Some 29
cases were submitted through James Arbuthnot MP and 18 cases through the JFSA. Second Sight issued an Interim Report on
8 July 2013.

²⁷ See Briefing to Norman Lamb of 27 June 2012 which refers to a full-scale review of Horizon being premature pending the
outcome of Second Sight’s review

²⁸ POL Board Minutes of 1 July 2013 item POLB13/52

²⁹ The membership of the Working Group comprised POL, the JFSA and Second Sight. Sir Anthony Hooper (a retired Court of

independent chair to review how best to adjudicate disputed cases in the future and to establish a new
branch user forum to “...create a channel for SPMRs and others to raise concerns at the highest level...”.

The Mediation Scheme

2.35. On 23 August 2013, POL announced the creation of an independent mediation scheme for
SPMRs, overseen by the Working Group (the “Scheme”) to implement the commitment made in July
2013 to take forward and review concerns regarding the Horizon system. The Working Group sought
applications from SPMRs who had a complaint about the Horizon system or an associated issue.
Applicants would have their cases investigated by Second Sight and referred onwards to the Centre for
Effective Dispute Resolution (“CEDR”), with a view to mediation of the dispute between the SPMR and
POL.

2.36. ShEx were aware of the details of the Scheme³⁰ and supported BEIS Ministers in answering
Parliamentary Questions on its intended operations, however, the Scheme itself was seen as an
independently chaired process, to implement the commitments made by its CEO and confirmed by the
Minister in Parliament. By implication, the independence of the Scheme was key to it gaining support
from the JFSA and James Arbuthnot MP and was also keenly felt by its chair, Sir Anthony Hooper.³¹ ³² It
is unclear how closely the Shareholder Team monitored the progress being made by the Scheme in light
of its purported independence, although we are aware that the Shareholder Team did see CEDR’s
review of the Scheme dated 31 July 2015 which provided some assurance on the quality of process and
progress being made. The report noted certain challenges (such as POL taking a legalistic approach to
mediation and recommending that POL do more to set expectations for the postmasters). It also set out
a number of observations, including that postmasters failed to identify relevant issues in advance, were
in some cases represented by non-legal advisors and that postmasters had unrealistic expectations. In
addition, the CEDR noted that “the Post Office has been consistently responsive to CEDR’s requests....it is
clear from the reports that the Post Office has a willingness to explore the options, express empathy and
have constructive dialogue with the subpostmasters”. The report also noted that the Scheme did not
flag any issues that indicated any systemic problem with the Horizon System or any miscarriages of
justice with respect to postmasters.

2.37. By late 2013, the Scheme had received 150 applications, of which 136 entered the full Scheme
(ten were resolved before entry and four were ineligible) which was more than twice those forecast by
POL.³³ 37 applications were from SPMRs who had been convicted of a criminal offence. It was at this
point that the POL Board requested a standing item on Scheme cases be added to the Board’s agenda.³⁴

2.38. Early in 2014, real concern began to grow on the part of POL about the slow progress which was
being made concerning the Scheme investigations, the quality of the work of Second Sight, the
positioning of Second Sight in supporting the Scheme and the growth in scope of the work of Second
Sight.³⁵ POL’s concern, which was echoed by ShEx³⁶, was that Second Sight was too small and
inexperienced to perform their task and that there was real concern that Second Sight had “lost their

Appeal judge) was appointed the Chairman of the Working Group on 29 October 2013. It was also supported by James
Arbuthnot MP.

³⁰ Briefing materials and media summaries were shared with the Shareholder team at the time and prior to launch.

³¹ Summary of public commitments made by the then Minister, Jo Swinson as part of the speech in Parliament to create the
mediation scheme “...it is important that further work is not only independent but seen to be independent...”.

³² Although not written in the same time period, the paper(s) produced for the Sparrow SubCo meeting of 30 April 2014
emphasise the independence and arm’s length nature of the Scheme.

³³ POL Board Minutes of 27 November 2013 (paragraph POLB 13/126).

³⁴ As above, this would be included in the CEO’s report (paragraph POLB13/126 (b)).

³⁵ POL Board Minutes of 21 January 2014 (paragraph POLB14/7 (f)); and POL Board Minutes of 26 February 2014 (paragraph
POLB 14/18).

³⁶ Internal ShEx Briefing note “David vs. Goliath” dated [] 2014

³⁷ Briefing note for Jenny Willott: “Second Sight appears unable to process and prepare cases quickly enough, or to a
sufficiently high standard.”

independence and have become emotionally involved in the cases of individual subpostmasters.” ShEx
was aware of the delays in the Scheme and the growing frustrations of POL and set out POL’s concerns
in briefing notes to Ministers.³⁸

2.39. Concurrently, the JFSA also began to lose faith in the Scheme in early 2014.³⁹ In April 2014, Alan
Bates wrote to Jo Swinson MP setting out a list of concerns related to the progress of the Scheme noting
the failure of POL to properly co-operate with Second Sight to enable them to complete their reviews.
He went on to note that too many outside of POL thought that the only resolution of the Horizon issue
would be via courts and in his view Second Sight were probably “the only company presently able to
offer an independent, professional and reasoned insight into what has been going wrong at POL and
Horizon over the years”.⁴⁰ In response, and on the advice of ShEx, Jenny Willott (the minister providing
maternity cover for the Post Office portfolio) responded to Alan Bates noting that while supportive of a
resolution “Government cannot be involved in operational matters concerning Post Office Ltd or the
Working Group.”⁴¹

2.40. In April 2014 (following the POL Board approval of its creation at the 26 March 2014 meeting),
the POL Board established a new board sub-committee to monitor the Scheme and consider whether
any alternative arrangements might be necessary to secure closure of the issues. This was code named
‘Project Sparrow’. Importantly, following the change in the Shareholder NED from Susannah Storey to
Richard Callard⁴², UKGI had detailed visibility on the papers and issues being discussed at this sub-
committee via Richard Callard’s membership. From a review of the POL Board minutes at the time,
other than via a high-level summary via the CEO’s report to the POL Board, and occasional inclusion of
minutes of discussions, the details of the Board Sparrow Sub-Committee (“Sparrow SubCo”) discussions
do not appear to have been fully communicated to the POL Board. Nor is it clear whether the legal
advice presented to the Sparrow SubCo was presented to the POL Board.⁴³

2.41. At this same board meeting (26 March 2014), the POL Board also commissioned Deloitte to give
them comfort about Horizon. The inference that we have drawn from the documentation we have seen
to date is that POL appears at this point to have lost confidence in the Scheme and, in particular, Second
Sight’s ability to provide independent investigation of issues related to Horizon. This work consisted of
(i) a desktop exercise to assess the control framework within which Horizon operates; and (ii) an
assessment of the integrity of the Horizon processing environment at implementation (i.e. to determine
whether Horizon was set up correctly) and (iii) a response to the most significant thematic issues raised
by Second Sight.⁴⁴ The purpose of this work was to provide the POL Board with “the truth about the
reliability of the system” to counter ‘scepticism’ elsewhere.⁴⁵

2.42. A draft executive summary of Deloitte’s work against part (i) above, was presented to the board
at its 30th April meeting jointly by POL’s CIO and General Counsel alongside a partner at Deloitte. At this
point, Deloitte had focused on providing ‘...assurance that the control framework, including the security
and processes for change, were robust from an IT perspective...’.⁴⁷ In Deloitte’s opinion, as expressed to
the POL board, ‘...all work to date showed that the system had strong areas of control and that its

³⁸ Briefing Note for Ministerial meeting with Alan Bates, JFSA April 2014

³⁹ The JFSA objected to POL’s approach to mediation. Public criticism of POL, including of its approach to the Scheme, on the
part of MPs (particularly James Arbuthnot MP) grew during 2014.

⁴⁰ Letter from Alan Bates to Jo Swinson MP dated 16 April 2014

⁴¹ Letter from Jo Swinson to Alan Bates dated [ ] April 2014

⁴² Susannah Storey’s last board meeting was 26 March 2014; Richard Callard attended POL board meetings as an observer
from Feb 2014 but wasn’t formally appointed until 26 March 2014.

⁴³ Sparrow SubCo papers contain summaries of legal advice; it is unclear whether these were produced within POL or by
external Counsel (Jan 2015 Sparrow SubCo meeting).

⁴⁴ POL Sparrow SubCo minutes of 9 April 2014 (paragraph PS 14/4 (a) — (f))

⁴⁵ Project Brisbane Report — paragraph 6 Project Zebra

⁴⁶ POL Board minutes of 30 April 2014 (paragraph POLB 14/55 (a) - (g)).

⁴⁷ As above.

testing and implementation were in line with best practice...’.⁴⁸ We note that the findings of this advice
provided the POL Board and Shareholder Team with assurance on Horizon’s robustness at the time. In
light of that assurance, the POL board queried whether a similar exercise could be undertaken for the
pre-2010 Horizon system and Deloitte was tasked to produce a proposal for conducting such work.

2.43. The second and third parts of Deloitte’s work in 2014 appear to have been presented in a
summary form to the POL board via email on 4 June 2014.⁴⁹ UKGI Legal has not reviewed this summary,
rather we understand (relying on the summary in POL’s Project Brisbane Report and the Parker Reviews
in support), that Deloitte’s board briefing highlighted three aspects of Horizon relevant to this report:

a. that database access privileges which “would enable a person to delete a digitally signed
basket” do exist, but are “restricted to authorised administrators at Fujitsu”;

b. those privileges “would enable a person to create or amend a basket and re-sign it with a
‘fake’ key, detectable if appropriately checked”; and

c. that administrators had the ability to “delete data from the Audit Store during the seven
year period, which was a matter...contrary to POL’s understanding...This could allow
suitably authorised staff in Fujitsu to delete a sealed set of baskets and replace them with
properly sealed baskets, although they would have to fake the digital signatures”.⁵⁰
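
Paragraph 2.43 turns on the phrase “detectable if appropriately checked”. The following is an added illustration, not taken from this review, from Deloitte’s reports or from Horizon itself: a generic sealed audit store, with an HMAC standing in for the digital signature, showing which checks flag a deleted record or a set re-sealed with a different key. The record layout, key names and sample baskets are assumptions constructed for the example.

```python
import hashlib
import hmac
import json

GENESIS = "0" * 64
TRUSTED_KEY = b"constructed-trusted-key"   # assumption: the key the auditor pins
UNTRUSTED_KEY = b"constructed-other-key"   # assumption: any key other than the pinned one

# Constructed sample baskets; the field names are hypothetical.
BASKETS = [
    {"branch": "B001", "item": "stamps", "pence": 1250},
    {"branch": "B001", "item": "parcel", "pence": 4300},
    {"branch": "B001", "item": "cash_withdrawal", "pence": 20000},
    {"branch": "B001", "item": "bill_payment", "pence": 7815},
    {"branch": "B001", "item": "stamps", "pence": 640},
]


def _signature(key, seq, payload, prev):
    """Keyed digest over the record's position, content and link to its predecessor."""
    body = json.dumps({"seq": seq, "payload": payload, "prev": prev}, sort_keys=True)
    return hmac.new(key, body.encode(), hashlib.sha256).hexdigest()


def seal(baskets, key):
    """Seal baskets in order; each signature also covers the previous signature."""
    store, prev = [], GENESIS
    for seq, payload in enumerate(baskets, start=1):
        sig = _signature(key, seq, payload, prev)
        store.append({"seq": seq, "payload": payload, "prev": prev, "sig": sig})
        prev = sig
    return store


def anchor(store):
    """Count and last signature, to be held where store administrators cannot write."""
    return {"count": len(store), "head": store[-1]["sig"] if store else GENESIS}


def chain_only_check(store):
    """Weak check: the store is internally consistent, whoever sealed it."""
    prev = GENESIS
    for rec in store:
        if rec["prev"] != prev:
            return False
        prev = rec["sig"]
    return True


def audit(store, trusted_key, expected):
    """Full check: pinned key, sequence numbers, links and the externally held anchor."""
    findings, prev = [], GENESIS
    for pos, rec in enumerate(store, start=1):
        if rec["seq"] != pos:
            findings.append(("seq_gap", rec["seq"]))
        if rec["prev"] != prev:
            findings.append(("broken_link", rec["seq"]))
        good = _signature(trusted_key, rec["seq"], rec["payload"], rec["prev"])
        if not hmac.compare_digest(good, rec["sig"]):
            findings.append(("wrong_key", rec["seq"]))
        prev = rec["sig"]
    if len(store) != expected["count"]:
        findings.append(("count_mismatch", len(store)))
    if prev != expected["head"]:
        findings.append(("head_mismatch", None))
    return findings


def scenarios():
    """Audit an untouched store, one with a record removed, and one wholly re-sealed."""
    original = seal(BASKETS, TRUSTED_KEY)
    held = anchor(original)
    deleted = original[:2] + original[3:]        # one sealed record removed
    altered = [dict(b) for b in BASKETS]
    altered[2]["pence"] = 9999
    replaced = seal(altered, UNTRUSTED_KEY)      # whole set re-sealed with another key
    return {
        "original": audit(original, TRUSTED_KEY, held),
        "deleted": audit(deleted, TRUSTED_KEY, held),
        "replaced": audit(replaced, TRUSTED_KEY, held),
        "deleted_passes_weak_check": chain_only_check(deleted),
        "replaced_passes_weak_check": chain_only_check(replaced),
    }


if __name__ == "__main__":
    for name, result in scenarios().items():
        print(name, result)
```

The re-sealed set passes the internal consistency check and is caught only when each signature is verified against the pinned key and the head is compared with a value held outside the store.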

2.44. Based on the reported summary of the Deloitte reports (above), it appears that the POL Board
and shareholder NED would have been aware that some form of remote functionality by Fujitsu was
theoretically possible but at the time this did not raise any red flags about the overall robustness of the
Horizon system or its correlation to alleged shortfalls given the overall assurances provided by Deloitte’s
report.

2.45. By early June 2014, POL was having internal discussions through the Board’s Project Sparrow
SubCo about the possibility of closing down the Working Group and resolving the cases in another way,
including potentially moving the process in-house. POL was also considering the replacement of Second
Sight. UKGI was aware of a degree of frustration within POL as to the delays with the Scheme and
potential issues with the quality of the work being undertaken by Second Sight. These concerns were
raised with Ministers in the context of ongoing meetings with the JFSA and in response to further
concerns raised in the media and by MPs. *

2.46. It is clear from briefing packs produced for ongoing Parliamentary scrutiny of POL policy that
much of the material was produced by POL and incorporated by UKGI into Ministerial briefing packs and
speeches. It is, however, unclear what degree of challenge was given by UKGI to the contents of that
material and the definitive nature of some of the statements the Minister was asked to make on the
record.⁵³

Closure of the Mediation Scheme & Second Sight’s Final Report

2.47. By February 2015, the JFSA were refusing to engage in the Working Group process and had lined
up a law firm with a publicly declared intent of preparing potential litigation. There were also growing
concerns with Second Sight’s scope of engagement and their focus on broader issues
relating to POL’s relationship with SPMRs and not strictly on Horizon IT issues. POL was facing increased
criticism from MPs following a BIS Select Committee hearing on 3 February 2015.

⁴⁸ As above.

⁴⁹ Project Brisbane Report — paragraph 6.3; Parker Review — paragraph 138.

⁵⁰ Parker Review — paragraph 140.

⁵¹ Email correspondence between ShEx team and Ministerial private office dated 30 September 2014.

⁵² Email correspondence between ShEx team and Ministerial private office dated 8 December 2014

⁵³ BIS topical briefing pack contains details of financial and other reconciliations of Horizon software and other back-office
processes which is a replica of POL’s written supplementary evidence to the BIS Select Committee of February 2015.

2.48. In a report to the Sparrow SubCo in mid-February 2015, the POL General Counsel recommended
a change in strategy and that POL move to a presumption of mediation in all non-criminal cases in order
to accelerate the delivery of the Scheme. This approach was approved by the POL Board. On 10 March
2015, POL announced it would mediate all Scheme cases, save for those which had been the subject of a
court ruling (whether or not to mediate those cases was to be considered case-by-case). This decision
effectively removed the core purpose of the Working Group and POL announced its closure on the same
day.

2.49. BEIS ministers received a volume of correspondence and Parliamentary activity in the wake of
the Scheme closure announcement (and on an ongoing basis into late 2015) which was responded to by
the Shareholder Team in the normal course of business. In preparing responses for Ministers it is clear
that the ShEx team were:

a. aware of stakeholder views that the closure of the mediation scheme was instigated by POL to
shut down discussion; and

b. aware that the Scheme had suffered delay and was also struggling with expectation
management of claimants.⁵⁴

2.50. Following the closure of the Working Group, POL also instructed Second Sight on 10 March 2015
to issue a completed version of their Part Two Report.⁵⁵ However, this instruction specifically reduced
Second Sight’s scope to “..those topics on which it has sufficient knowledge, experience and expertise...
matters such as the standard Subpostmasters contract and prosecution issues are outside of Second
Sight’s expertise...”.⁵⁶ The final part two report from Second Sight was issued on 9 April 2015 (the “Final
SS Report”). Also, in April 2015, POL produced a reply to the Final SS Report.

2.51. In the Final SS Report, Second Sight highlighted that their work was limited by POL’s refusal,
with which they did not agree, to provide three categories of information. Those were: (a) the complete
legal files; (b) the complete email records of POL employees working at Fujitsu’s Bracknell office for
2008; and (c) detailed transactional records relating to POL’s suspense account (paragraphs 2.1-2.19).
Second Sight concluded that POL “did have, and may still have, the ability to directly alter branch
records without the knowledge of the relevant” SPMR (paragraph 2.12).

2.52. The Final SS Report dealt with 19 common issues, which were referred to as ‘thematic issues’.
Most notably Second Sight found that the contract between POL and SPMRs was not always
provided to SPMRs and the contractual terms, placing responsibility for losses on SPMRs, were “unfair”
(paragraphs 3.6-3.8, 6.1-6.16). They also reported that Horizon was insufficiently error repellent, in that
“the majority of branch losses were caused by ‘errors made at the counter’”, which could have been
avoided if the systems had been improved. Second Sight took the view that POL had little incentive to
do so (paragraphs 3.11-3.14). In addition, Second Sight also raised in their review of the thematic issues,
several findings that indicated that Horizon had potential to result in branch account losses.

2.53. POL issued a public statement in April 2015 in which it was critical of the Final SS Report,
particularly noting that it was too broad in its application, did not provide any concrete evidence that
specific issues had caused shortfalls and commented on issues outside of their remit and expertise. The
UKGI shareholder team in reviewing the Final SS Report and as a result of their dialogue with POL on the
findings, did not consider that the Final SS Report pointed to systemic issues in relation to Horizon. Our
review of available documents to date indicates that the Final SS Report was not presented to either the
Sparrow SubCo or the POL Board. The review of materials we have seen to date also indicates that POL’s

⁵⁴ Submission to Jo Swinson dated 4 March 2015; Submission to SoS and Jo Swinson dated 11 March 2015; and Submission to
the Secretary of State dated 18 March 2015.

⁵⁵ Presentation from POL to Baroness Neville-Rolfe dated August 2015.

⁵⁶ As above — reference to Second Sight engagement letter of 10 March 2015

detailed response to the Final SS Report and its handling were not debated by the full Board and
Sparrow SubCo.

BBC Panorama Programme

2.54. On 17 August 2015 the BBC broadcast a Panorama programme ‘Trouble at the Post Office’ (the
“Panorama Programme”). It featured a number of SPMRs (who have been the subject of criminal
convictions, including some who had pleaded guilty to criminal charges), James Arbuthnot MP,
Professor Charles McLachlan (who had appeared as an expert witness in defence of Seema Misra when
she was convicted by a jury of theft, having pleaded guilty to false accounting) and a former Fujitsu
employee named Richard Roll (the “Fujitsu Whistleblower”).

2.55. The Fujitsu Whistleblower’s participation was the only genuinely new information in the
broadcast, but it was of potential significance. The Fujitsu Whistleblower told Panorama that he and his
fellow Fujitsu employees saw a “lot of errors, a lot of glitches” on the Horizon system. He said that
financial records were sometimes changed remotely, without the SPMRs knowing (which POL had
always said could not happen) and that they “went in the backdoor and made change. Sometimes you
would be putting in several lines of code in at a time. If we hadn’t done that then the counters would
have stopped working”.

2.56. On 31 July 2015, prior to the broadcast of the Panorama programme, ShEx updated Ministers on
the likely content of the programme, including that it would include an interview with: “A former Fujitsu
(supplier of Horizon) employee, apparently a whistleblower saying that POL can remotely alter branch
accounts to cause discrepancies” and that “This is related to an account by Andrew Bridgen MP’s
constituent Mr Michael Rudkin, which Mr Bridgen raised in Parliament.”⁵⁷ ShEx noted that there were
no new allegations being made in the Panorama programme and repeated to Ministers assurances
received from POL that POL planned to defend themselves robustly against them.

2.57. ShEx corresponded further with POL on this matter in July-August 2015 in the run up to the
broadcast date, including in relation to their proposed communication approach to the Panorama
Programme. On 7 August 2015, POL provided ShEx with the statement provided by POL to Panorama,
which again included a robust denial of the ability of POL or Fujitsu to edit branch transactions without
an audit trail.⁵⁸

2.58. We have not seen any evidence from the POL Board papers that the allegations made in the
Panorama programme were discussed by the POL Board. Our impression is that the Fujitsu
Whistleblower was another allegation about remote access in what appeared to be a continuing stream
of allegations about remote access, in relation to which POL had received assurances from Fujitsu. POL’s
statement to Panorama in relation to the remote access allegations made by Mr Roll was that “Neither
Post Office nor Fujitsu can edit the transactions as recorded by branches. Post Office can correct errors
in and/or update a branch’s accounts by inputting a new transaction (not editing or removing any
previous transactions). However, this is shown transparently in the branch transaction records. There is
no evidence that any branch transaction data was inappropriately accessed from a remote access
point.”

2.59. It appears that the focus of ShEx at that time was whether the Panorama Programme would be
critical of government and the prevailing view appeared to be that the allegations at the heart of the
Panorama Programme, including the emergence of the Fujitsu Whistleblower, were matters for POL and
that it would be inappropriate for government to comment further.

⁵⁷ Submission from ShEx to Baroness Neville-Rolfe dated 31 July 2015. An earlier submission from ShEx to Baroness
Neville-Rolfe and George Freeman dated 24 June 2015 mentions that the Panorama Programme was to contain an interview with a
former Fujitsu employee but does not mention the fact that they are a whistleblower.

⁵⁸ Email chain between POL Communications and Corporate Affairs Director and ShEx dated 7 August 2015.


2.60. Following the broadcast of the Panorama Programme on 17 August 2015, Baroness Neville-
Rolfe received an email from Andrew Bridgen MP, Kevan Jones MP and Oliver Letwin MP on 24 August
2015 requesting a meeting and noting that various statements in the Panorama Programme, including
the allegations of the Fujitsu Whistleblower, required urgent investigation.⁵⁹ In a letter response to
Oliver Letwin dated 10 September 2015, Baroness Neville-Rolfe referred to briefing notes prepared by
ShEx officials that highlighted that these issues were “an operational matter for Post Office Limited” and
that a Government or judicial inquiry would be inappropriate where mediation or civil claims remain
available to SPMRs. In addition, the briefing note reiterated that “A Government investigation would be
unlikely to find the “smoking gun” campaigners are seeking or provide large compensation payouts,
given the amount of scrutiny this issue has received... unless there is evidence of wrongdoing on the
part of Post Office, there is no need for Government to intervene.”

2.61. Further, in response to concerns raised by MPs, Baroness Neville-Rolfe (with the assistance of
ShEx), wrote to Tim Parker on 10 September 2015 noting the increased MP interest in the Horizon IT
system since the Panorama Programme and the calls from MPs for an independent investigation. The
letter noted that “Government takes seriously the concerns raised by MPs regarding the Post Office
Horizon system and the suggestions that there may have been miscarriages of justice as a result of
issues with Horizon. I am therefore requesting that, on assuming your role as Chair, you give this matter
your earliest attention and, if you determine that any further action is necessary, you will take steps to
ensure that happens.”

The Parker Review

2.62. As mentioned above, on 10 September 2015, following the Panorama Programme and the
assurances made by Baroness Neville-Rolfe to MPs, Baroness Neville-Rolfe wrote to Tim Parker
requesting that on assuming his role as Chairman he give the issues relating to the Horizon system his
“earliest attention” and take any further action should it be deemed necessary. In response, Tim
Parker appointed Jonathan Swift QC (former Treasury Counsel) and Christopher Knight (both barristers
from chambers at 11 King’s Bench Walk, Temple).

2.63. Jonathan Swift QC and Christopher Knight produced a 67-page report dated 8 February 2016
(the “Parker Review”) which covered in some detail the nature of the relationship between POL and
the SPMRs, the Horizon system and the Horizon complaints. The report then went on to analyse four
different areas, namely: (i) criminal prosecutions; (ii) the Horizon system; (iii) training and support
provided to SPMRs; and (iv) the mediation scheme investigations of individual cases. In relation to all
four areas the review sought to address two principal questions, firstly, what had already been done in
the 2010-2015 period and, secondly, what further work could be done to plug any remaining gap.

2.64. The Parker Review made a number of findings and eight recommendations, a more detailed
summary of which is highlighted in Annex Two. One of the most noteworthy findings was that in
May/June 2014, the POL Board was aware that branch records could be remotely altered without the
need for acceptance by SPMRs, which was contrary to the public assurances provided by Fujitsu and POL
at the time about the functionality of the Horizon system. The Parker Review concluded by making eight
recommendations, including that POL instruct suitably qualified specialists to carry out analyses /
reviews into Horizon and into the controls over and capability of Fujitsu employees to remotely amend
branch data. Some of these recommendations resulted in Deloitte being commissioned to undertake
further work into examining the issue of remote access. A very high-level summary of Deloitte’s follow-up
work, “Project Bramble”, is included in Annex Two. In addition, the Parker Review also made
recommendations for a review of POL’s approach to historical convictions including how POL had
approached plea-bargaining as well as whether further disclosure of the issues discussed in the Deloitte
report was required.

⁵⁹ Email chain from Andrew Bridgen MP, Kevan Jones MP and Oliver Letwin MP to Baroness Neville-Rolfe dated 24 August
2015 and email to ShEx.

⁶⁰ Letter from Baroness Neville-Rolfe to Tim Parker dated 10 September 2015.

⁶¹ Tim Parker Review dated 8 February 2016.

2.65. A review of the POL Board papers from this time indicates that the Parker Review, its
recommendations or the status of the implementation of those recommendations were not shared with
or discussed by the POL Board. We note that Tim Parker has said that he was advised by POL’s General
Counsel (Jane MacLeod) that the report should not be shared for confidentiality and legal privilege
reasons. We note that this is an unusual response; legal privilege should not be used as a way of
shrouding findings from an asset’s board, particularly where it makes recommendations for further
investigative work. It is not clear whether the POL Board would have adopted a different approach to
Tim Parker but on issues as material to POL as those being explored, collective decision-making on this
point would have been more appropriate. This view was reiterated in a letter from the BEIS Permanent
Secretary to Tim Parker on 6 October 2020.⁶²

2.66. Following the finalisation of the Parker Review, Tim Parker wrote a letter to Baroness
Neville-Rolfe on 4 March 2016 providing a broad overview of the outcome of his review (as opposed to the
report itself) and the further actions that were being taken. Tim Parker stressed in the letter that the
update he was providing and the work that underpinned it was subject to legal professional privilege
and provided in confidence but notes that he is “of course, aware that once the various additional
strands of work [he is] pursuing are complete, we will need to find an appropriate method of
communicating the results of [his] review to a wider audience”, although we did not see evidence of this
ever happening. The letter also noted that Tim Parker had commissioned various individuals to
complete the work recommended in the Parker Review. As far as we have been able to ascertain to
date, not all of the 8 recommendations in the report were progressed as doing so was delayed and/or
deprioritised when the group litigation was commenced.

2.67. On 27 April 2016, Baroness Neville-Rolfe had a meeting with Tim Parker to discuss his progress
with the outstanding actions recommended in the Parker Review.⁶³ The briefing produced ahead of that
meeting suggested that Baroness Neville-Rolfe raised how she could communicate the findings of the
review with interested parties such as Andrew Bridgen MP and Lord Arbuthnot (noting the potential
legal difficulties with this approach). It appears that no further action after this meeting was taken to
pursue follow-up actions because the JFSA issued court proceedings shortly thereafter.

2.68. The response of the POL Board and ShEx/UKGI to the issues raised by the Fujitsu Whistleblower
and Tim Parker Review also provides an insight into the lens with which the JFSA complaints were viewed
at the time. The impression gleaned is that the POL Board and the Shareholder Team were very close to
the Horizon issues and had received multiple assurances that the type of remote access alleged was
either not possible, not a problem, or unrelated to the JFSA claims. In addition, the continual swathe of
media coverage, parliamentarian questions and lobbying activities of the JFSA, may well have made it
very challenging for the POL Board and Shareholder Team to view certain key events objectively and to
challenge the POL executive with this lens in mind.

The Group Litigation Order (“GLO”)

⁶² Letter from Sarah Munby to Tim Parker dated 7 October 2020.

⁶³ Briefing note from ShEx to Baroness Neville-Rolfe dated 26 April 2016.

⁶⁴ The GLO was a Group Litigation Order applying to all claims made against POL by Claimants: (a) who claim to have suffered
losses as a result of Post Office Limited having: (i) inappropriately attributed to them and/or inappropriately recovered
alleged shortfalls in branch accounts from them; (ii) suspended them, terminated or induced their resignation from their
appointments or engagements, for a reason related to inappropriately alleged shortfalls in their branch accounts; (iii)
pursued civil or bankruptcy proceedings, criminal prosecutions and/or restraint applications against them for a reason
related to inappropriately alleged shortfalls, and/or; (iv) sought to do any of the foregoing for a reason related to
inappropriately alleged shortfalls in their branch’s accounts; and (b) whose claims give rise to one or more of the relevant
GLO Issues.

2.69. Legal proceedings were commenced against POL in April 2016 and a GLO⁶⁴ was made on 21
March 2017. Ultimately approximately 550 Claimants joined the proceedings, mostly SPMRs along with
a small number of Crown Office employees and managers/assistants. Approximately 30 claimants had
been convicted of criminal offences.

2.70. Given legal proceedings had been announced, the government’s public line in respect of the
litigation at this time was: “This is an operational matter for Post Office Ltd. As legal proceedings have
been announced, we are unable to comment further.” The Shareholder Team provided briefings to the
Minister in respect of key developments; these were based on the agreed approach that the litigation
was for POL to manage, and that government would maintain an appropriate distance. Where there was
limited information to report, briefings were provided less frequently (for example, in 2017 there were
very limited updates to be provided between the GLO being made and the Case Management
Conference described below). Between September 2016 and March 2018, the UKGI Risk Registers
referring to the Project Sparrow civil litigation include a number of reoccurring principles highlighting
this approach, namely:

a. “POL have external legal advisors employed on the civil litigation including a QC”
b. “[POL] continue to update UKGI through the Board and directly on key stages”
c. “this [litigation] is a legal matter and distinct from Government”

2.71. In October 2017, a Case Management Conference was held with the managing judge, Mr Justice
Fraser, and he set a timetable for dealing with the litigation, fixing two trials:

a. the Common Issues trial in November 2018 to determine the nature of the contractual
relationship between SPMRs and POL and the obligations owed by each party pursuant to
it; and

b. the Horizon Issues trial in March 2019 to address the reliability of Horizon.

2.72. Throughout the period between 2016 and early 2019, regular updates on the GLO were
provided to and discussed by the POL Board and Group Litigation Sub-Committee on the progress of the
litigation, but these were generally characterised as factual updates on position as opposed to active
discussions of strategy or next steps. Typically, updates were provided verbally by the General Counsel
(to preserve legal professional privilege) and therefore it is difficult to determine with certainty in
retrospect the visibility provided to the Board on strategy and prospect of success.

2.73. In March/April 2018, several steps were taken by the Shareholder Team to ensure the
Department had greater visibility over the legal advice received by POL and its strategy going forwards.
These included:

a. Litigation Protocol: the UKGI General Counsel initiated the implementation of a litigation
protocol to ensure visibility over the legal advice received by POL. From April 2018, the
UKGI risk register indicates “UKGI seeking to put protocol in place to ensure Perm Sec
remain (sic) up to date” which was updated in June 2018 to indicate “[POL] continue to
update UKGI [...] directly to UKGI’s Legal Counsel under a Disclosure Protocol that protects
legally privileged information”. This exercise was initiated in March 2018 as a consequence
of the lessons learned exercise following the Magnox Inquiry, and agreed with POL on 11
June 2018. The protocol has remained in place since to permit information sharing on
Horizon related matters and other material litigation issues;

⁶⁵ Submission to Baroness Neville-Rolfe (Post Office Horizon: update on group legal action) dated 3 May 2016.


b. Merits opinion: having absorbed the lessons learned from Magnox, the Shareholder NED
challenged POL to obtain [Drafting Note: specific date to be confirmed] and critically
consider a merits opinion in respect of settlement of the litigation; and

c. Group Litigation Sub-Committee: the Shareholder NED was appointed to the Group
Litigation Sub-Committee from its establishment in January 2018. The committee first met
in March 2018 and continued to meet at least bi-monthly on a schedule designed to
complement the litigation timetable. Membership of this committee provided the
Shareholder NED with additional, timely updates, as well as increased visibility on strategy
and opportunity for challenge.

2.74. As well as lobbying POL to obtain a merits opinion in respect of settlement, the Shareholder
Team [and UKGI General Counsel] also considered whether there was any benefit to asking POL to
commission a second opinion. However, considering the proximity of the Common Issues trial,
scheduled for November 2018, and apparent robustness of the existing legal opinion, very little traction
with POL was made in exploring this option.

2.75. Throughout its conduct of the GLO litigation, POL’s conduct was in line with the legal advice it
received. In respect of the Common Issues trial, the Group Litigation Sub-Committee was advised in July
2018 that leading counsel for POL considered POL to have the “better arguments” and in light of this,
the reporting to the POL Board appears to have been positive in respect of the prospect of success.

2.76. UKGI continued to probe POL further into the conduct of the litigation in the run up to the start
of the Common Issues trial. For example, a summary of the litigation to date, including the counsel
opinion, was provided to the Permanent Secretary in May 2018, and updated in August 2018 and a
meeting arranged between the Minister, the Permanent Secretary and the POL General Counsel, Chair
and CEO in October 2018 to discuss the “issues at stake”,⁶⁶ merits opinion and more general strategy.
This meeting was proposed by the Shareholder Team, via the Shareholder NED, in connection with the
team’s concern over the sufficiency of POL’s contingency planning. In preparation for this meeting, POL
prepared a briefing paper, which included the following line on prospects of success: “Post Office’s
external Counsel believe that Post Office has the stronger arguments on most of the Common Issues,
nevertheless they caution that Post Office is unlikely to be successful on each and every one of the
Common Issues, given the judicial tendency to provide a degree of balance between the parties.”⁶⁷

2.77. It was evident during this process that the POL executive and legal team had a very firm belief in
the robustness of Horizon and the generally positive legal advice they had received to date. This
confidence manifested in a reluctance to expend resource on considering alternative courses or
contingency activities. While there is some merit in a clear and confident litigation strategy, holding to a
narrow line too rigidly, as the POL team did here, meant that they lacked the flexibility to adjust their
strategy at speed, either in the face of valid constructive challenge or of unexpected turns of events.

2.78. In March 2019 (shortly after the Horizon Issues trial began), Mr Justice Fraser handed down his
judgment on the Common Issues trial. It was highly critical of POL and the way it had treated SPMRs.
The judgment also determined that the contract with SPMRs was “relational” and, as a consequence,
imposed on POL a number of obligations owed to SPMRs. In particular, the burden of proving that a
shortfall was owed by a SPMR was on POL. This judgment was a surprise to the POL team, both at legal
team level and at the POL Board and prompted POL to make an application seeking the recusal of the
managing judge of the GLO, Mr Justice Fraser on grounds of bias. The UKGI NED recused himself from
this decision at Board level [for conflict reasons: as a representative of it would have been inappropriate
for the UKGI NED to be party to a decision which would seek to interfere in the workings of the judiciary,

⁶⁶ Submission to the Permanent Secretary - POL Litigation Update August 2018.
⁶⁷ Briefing Paper prepared by POL for meeting on 17 October 2018.


POL’s application for recusal was refused and POL went on to appeal both the Common Issues judgment
and Mr Justice Fraser’s decision to refuse to recuse himself. The Court of Appeal refused both
applications for permission to appeal.

2.79. As a result of the surprise outcome of the Common Issues trial, from March 2019 onwards, the
POL Board also took a more active role in decisions related to the GLO, and it is notable that more
comprehensive written updates, rather than verbal updates from the GC, were provided to the Board
for consideration and relevant POL Board discussions minuted more fully during this period. The POL
Board also instigated a change of its external legal team, its GC and significantly altered its strategy to
pursue settlement. The Shareholder Team continued to be actively engaged with legal advice by POL,
assisting the Shareholder NED to ensure he was able to mount appropriate challenge through his
position on the POL Board, and were also instrumental in the replacement of the legal team and
adoption of a more agile, settlement focussed strategy.

2.80. The Horizon Issues trial commenced in the spring of 2019 and finished in the summer of 2019,
having been adjourned soon after its start in March as a result of POL’s unsuccessful application to have
Mr Justice Fraser recused. At a high-level the issues in dispute and to be resolved included: (i) whether
bugs, errors and defects had the potential to affect the accuracy and integrity of data (and whether
Horizon was robust and resilient); (ii) controls and measures for preventing/fixing bugs; (iii) whether
remote access to the system was possible; (iv) availability of information; (v) accessing and editing
transactions and accounts; and (vi) disputing shortfalls and corrections.

2.81. In December 2019, just before the judgment was handed down on the Horizon Issues trial but at
a time when the parties had seen the draft judgment, the GLO was settled. POL agreed to pay
approximately £57 million and to set up a scheme for addressing historic shortfalls suffered by other
SPMRs that were not part of the GLO. The POL Board supported the strategy of settlement and
delegated to the Group Litigation Sub-Committee and General Counsel authority to determine quantum
in the course of the mediation. [The UKGI shareholder team were actively involved in assisting HMG
with its process to approve POL’s settlement strategy process and sat on a joint BEIS-HMT-UKGI
committee that was set up for this purpose.]

2.82. When judgment was handed down on the Horizon Issues trial on 16 December 2019 it was again
critical of POL and found that the Horizon IT system was not as reliable as POL had asserted. Mr Justice
Fraser’s key findings were overwhelmingly in favour of the SPMRs. For example, some of the key
findings included:

a. “There was a significant and material risk on occasion of branch accounts being affected in
the way alleged by the claimants by bugs, errors and defects.” The Court found that
evidence demonstrated that there were numerous bugs in Horizon, some present for many
years, to a far greater extent than POL had previously acknowledged;

b. It was possible for bugs, errors and defects of the nature alleged by the claimants to have
the potential to cause shortfalls or discrepancies and to undermine the reliability of Horizon
to accurately record transactions;

c. Remote access by Fujitsu was possible: they were able to access and alter branches’
Horizon data remotely; and

d. In relation to POL culture: “the stance taken by the Post Office at the time [...] demonstrates
the most dreadful complacency, and total lack of interest in investigating these serious
issues, bordering on fearfulness of what might be found if they were properly investigated”⁶⁸
and later in the same judgement, “It ought also to be noted that the truth did not emerge
internally within the Post Office in the email answers provided to internal inquiries [...] by
senior Post Office personnel, such as the Chief Executive, who posed the specific question in
preparation for providing evidence to a Select Committee and asked: “What is the true
answer?”⁶⁹.

⁶⁸ Extract of the findings of Mr Justice Fraser, GLO judgement paragraph 219

⁶⁹ As above, paragraph 545

3. PRELIMINARY LESSONS LEARNED
3.1. This section provides a preliminary overview of some of the lessons that can be learned from a
shareholder perspective from POL’s handling of the Horizon issues. This is by no means an exhaustive
list and UKGI Legal will consider further as its understanding of the facts and key findings develops over
time. However, we have set out below some initial observations and principles that will help UKGI
reflect on the practices it adopts in the performance of its shareholder role across its portfolio of assets.
In reading this section, do note the following:

a. Many of these lessons benefit from hindsight and the actions proposed may not have been
reasonably expected or accessible to relevant stakeholders at the time;

b. Given the shareholder role UKGI performed for POL evolved over time, UKGI may not have
been as well placed to take certain actions as it is in the present;

c. We have separated the lessons learned into two sections: (i) new lessons learned from a
governance perspective and (ii) lessons re-learned which primarily focus on how the internal
lessons learned by UKGI with respect to Magnox were absorbed by UKGI from 2018 and the
benefits gained; and

d. With respect to new governance lessons learned, we note that these have two distinct
features: those that have broad implication for POL and its Board and those that are
designed to offer practical suggestions to UKGI shareholder teams.

LESSONS LEARNED IN RELATION TO GOVERNANCE — BROAD OBSERVATIONS
Whistleblowing

3.2. In the case of the Fujitsu Whistleblower, and in light of the public nature of the allegation and
the fact that if the allegation was true it would have contradicted POL’s public statements on the
robustness of Horizon, it would be expected that the POL Board would ensure that an appropriate level
of investigations into the allegation had been undertaken, including the proper interrogation of Fujitsu.
There is no evidence that the POL Board sought to do this at the time. Further, given the issue of remote
access was already known to the POL Board, it should have considered whether the allegations of the
Fujitsu Whistleblower impacted the POL Board’s view of the risk associated with the Horizon remote
access claims.

Lessons:

1) Asset boards need to be able to satisfy themselves that the asset has appropriate procedures in
place to: (a) receive and assess whistleblowing claims; (b) conduct an appropriate level of
investigation into issues raised; (c) ensure any investigation will be independent and subject to
appropriate governance and oversight (in relation to which the asset should consider whether
it would be appropriate to seek external legal advice); and (d) provide visibility to the Board on
significant and/or high profile whistleblowing claims, including where there may be
material financial, reputational and/or political risk associated with the allegations. The UKGI
shareholder team should satisfy itself that in relation to each asset appropriate procedures are
in place and highlight (through the shareholder NED) any concerns to the relevant Board.

2) The shareholder NED must be aware of her/his responsibilities in this regard, including
recognising the financial, reputational and political impact significant and/or high-profile
allegations may have on both the asset and the UKGI, as shareholder, and ensure that the

23
Page24

UKGI00048173
UKGI00048173

Draft Dated 28" June 2021

Board and management of the asset responds to such allegations in an appropriate manner.
The shareholder NED must also check that there is an appropriate level of reporting to the
asset’s Board on whistleblowing or other forms of complaints generally and on the
investigation of any significant and/or high-profile allegations. The shareholder NED must be
willing to challenge the assets management team if she/he has any concerns about the manner
in which such allegations are being addressed, including whether there is a sufficient degree of
independence and objectivity in the assessment of the allegations and the assets response
thereto.

3) Where significant and/or high-profile allegations arise in a public forum, the UKGI shareholder
team must satisfy itself that the asset’s Board is alive to the risks that the issue might present,
and that the allegations are being addressed in an appropriate manner. Further, in the case of
UKGI, where the shareholder is HMG and is therefore subject to greater scrutiny than a
traditional shareholder, the UKGI shareholder team should consider whether and to what
extent it would be appropriate for it to take a closer look at significant and/or high-profile
allegations and the conduct of and/or output from any investigation undertaken by the asset in
relation thereto. The UKGI may do this directly or through the shareholder NED. In exceptional
circumstances, the UKGI may wish to consider initiating an independent third-party review.

4) The UKGI shareholder team must remain continuously curious and be prepared to challenge the
asset’s Board on both the substance and handling of any significant and/or high-profile
allegations, to ensure that the merits of such allegations are being, or have been, objectively
assessed. Where assurances are provided by the management team in relation to such
allegations, the UKGI shareholder team should take such steps as may be appropriate to assure
itself that the asset’s Board has been provided with sufficient information to test such
assurances, including whether they have been (or should be) the subject of independent
scrutiny.

5) In addition, the UKGI shareholder team must periodically critically reflect on its own
assumptions and biases in relation to the issue in question, to ensure that it is providing strong
and effective oversight.

Culture of our Assets

3.3. We note that issues relating to culture permeate the key timeline, for example, in relation to
POL’s treatment of SPMRs and grievance handling, the interaction between the POL Board and
executive and POL’s seeming insistence that Horizon was robust. It is impossible for UKGI to opine or
fully understand what was the root cause of these cultural issues, but nonetheless, it is of significant
importance that UKGI reflects on how it can, in the performance of its shareholder role, scrutinise the
culture and values of the assets in its portfolio going forward.

Lessons:
1) Asset Boards are responsible for establishing an asset’s purpose, values and strategy and must be
satisfied that these, and its culture, are aligned. The Board is responsible for promoting the
desired culture within the asset.⁷⁰ Correspondingly, UKGI shareholder teams must be able to
articulate what the culture, purpose and the values of an asset are, and how an asset’s culture is
embedded into its strategy and business plan.

⁷⁰ See FRC’s Corporate Governance Code 2018, Board Leadership and Company Purpose: Principle B.


2) Likewise, UKGI shareholder teams must use Board effectiveness reviews to assess whether an
asset is acting in accordance with the culture and values it articulates. As part of assessing a
Board's effectiveness review, UKGI should seek to assure itself that the asset’s culture is open,
transparent and one where “bad news” can be surfaced without defensiveness, with the Board
having the ability to take a detached view of the culture in the asset (including how the
leadership is living the culture and values).

3) Given the importance that culture plays in the corporate governance of an asset, UKGI should
table “culture” as a regular agenda item at quarterly shareholder meetings and in discussions
with the asset’s CEO and Chair.

4) Performance reviews of Chairs and CEOs should also focus on culture and values. In addition, an
emphasis on culture and values should be a feature of the Chair’s letters that Departments issue
annually with UKGI’s input.

5) Where UKGI has concerns or misgivings related to culture, this should be a red flag for both the
UKGI NED and Shareholder Team and extra vigilance in terms of monitoring these concerns
should be undertaken, including formal escalation to the asset’s Chair and alerting the relevant
Permanent Secretary and/or Ministers.

6) UKGI shareholder teams should also receive regular training on issues related to culture and
corporate governance.

Cultural Attitude toward Horizon and Postmasters

3.4. For POL, Horizon meant the computer system but as Mr Justice Fraser found the “Horizon
system” was not just the IT, it was also the process for disputing and correcting errors, the telephone
helpline, the adequacy or otherwise of training and the day-to-day experience of running a busy post
office. The reliability of the IT system was important but even had it been 100% reliable, these other
aspects of the “system” were equally important and issues with any of them could have provided
explanations for why SPMRs were experiencing shortfalls. We have a few observations in relation to POL’s
approach:

i. It is clear in hindsight that POL needed to take a holistic approach to Horizon in order to
understand the whole SPMR experience and the issues at the core of their experience. In
light of the range of advice POL received at that time and its confidence in the robustness of
Horizon, it seems that POL took too legalistic an approach to the mediation scheme. From
what we can gather, POL appeared concerned about how any concessions in relation to
Horizon might impact the legal arguments, without perhaps fully appreciating the wider
human, reputational and business impacts. The broader merits of the SPMRs’ claims seem,
therefore, to have been overshadowed by the focus on the technical ‘Horizon question’.

ii. It is not clear to what extent the Board met with the JFSA or their representatives or took
steps to empathise with the complaints the JFSA were raising. As a result, the Board may
have had too sanitised a perspective of the issues and the human impact Horizon had
caused in practice, despite the hundreds of prosecutions for which POL were responsible.

Lessons:
1) In the future, where an asset is dealing with significant operational or legal matters, UKGI must
be assured that the significance of the issues in question is being viewed holistically and must
consider whether the board has an independent lens on how issues are being calibrated and
absorbed by the asset. This may involve arranging for the position to be presented to
individuals who have not been involved in the process to date, and are therefore able to interrogate and
challenge objectively without being hampered by historic or contextual trappings.

2) Where there is a growing number of stakeholders raising complaints against an asset, the Board
must consider meeting with the affected stakeholders directly and should go further in terms of
trying to gain the perspectives of the affected stakeholders with respect to the issues being
raised. Empathy is crucial in these instances and taking the time to talk directly to the
stakeholders or commissioning Board-led surveys, for example, will help the Board appreciate the
issues from different perspectives and potentially reach more rounded outcomes.

Assets and operational independence — what level of intervention is appropriate?

3.5. We are aware, from the documents we have reviewed to date, that HMG’s response to POL
issues with Horizon and its relationship with SPMRs was characterised as an operational matter for POL
and one which government should not unduly interfere with. As a Public Corporation POL benefits from
significant independence from BEIS/UKGI and it is right that BEIS as shareholder, and UKGI as its
representative, should not seek to intrude too far into areas of day-to-day management.

3.6. However, it is important that the level and degree of appropriate challenge from either the
relevant Department or UKGI remains under constant review, notwithstanding its legal structure or the
BAU independence afforded to it as a result of its ALB classification. UKGI must remain constantly
curious and be prepared to lean further into issues where red flags from a corporate governance
perspective are being raised. In any HMG-asset relationship there may come a tipping point in favour
of greater shareholder intervention and scrutiny: UKGI must continuously challenge itself by asking
whether that point has been reached. Such challenge can be effectively deployed via both the
shareholder NED and in the various forums the UKGI shareholder team has with the asset. Alternative
routes could also involve raising corporate governance concerns directly with the relevant Permanent
Secretary or Ministers.

3.7. Where further challenge or scrutiny is deemed necessary, shareholder teams and/or UKGI NEDs
should not feel constrained by either the descriptions of their roles in Framework Documents/company
Articles and/or pushback from the Asset’s management team that they are overstepping the bounds of
a non-executive role.

Lessons:

1) Where an asset’s Board is dealing with significant issues, UKGI should, in the exercise of its
corporate governance role, probe:
a. whether the Board is fully exercising their s. 172 Companies Act duties to broadly act
in the best interests of the asset and its stakeholders as a whole; and
b. whether the Board has considered the relevant broader HMG policy and VfM
interests.

Most importantly, UKGI should satisfy itself that an asset’s Board should be considering both
(a) and (b), with the same degree of intensity and in tandem, when gauging whether a “tipping
point” has been reached.

2) Where an asset is grappling with an issue that had significant reputational, stakeholder impact
and/or VfM consequences it is appropriate for UKGI as the shareholder representative to
consider whether it needs to further challenge the asset’s board on strategy, risk calibration
and overall direction, including whether a “deep dive” into these matters is appropriate.

3) Where performing such an intensive review, UKGI will have to consider its role to ensure that
governance lines are not blurred and that the relevant sponsor Department and Minister are
supportive of a more hands-on approach. Note that this must be the case in respect of all
matters which fall into this category, not just where matters are I

Clear Delineation between Policy and Shareholder Roles

3.4. Until August 2018 (and the establishment of the BEIS policy team), UKGI held the combined
policy, commercial/financial and governance functions in respect of POL, which included dealing with a
high volume of correspondence from MPs and affected stakeholders, liaising with POL on Horizon
matters, and, to a more limited extent, formulating policy on behalf of the department with respect to
POL (e.g. leading public consultation exercises to determine future funding and service level
requirements).

3.5. This dual function may have made the role of objectively challenging POL and its Board harder
to deliver in practice. Whilst the policy function is responsive to ministers and therefore reflects the
prevailing position of the sponsoring department, the shareholder role’s objective focus on corporate
governance matters must consider a broader set of perspectives and issues and should be performed for
the benefit of the Exchequer as a whole. Shareholder teams should have the ability to assess and
determine the appropriate course of action for an asset and/or provide challenge to a pre-existing policy
position when new information comes to light notwithstanding the level of ministerial or parliamentary
difficulty that may ensue.

3.6. While it is, in principle, possible for a team to fulfil both these functions, developing best
practice within UKGI since 2018 advocates for the separation of the policy function from the shareholder
role to permit the relevant shareholder team to focus specifically on commercial/financial monitoring
and corporate governance oversight, and to be able to provide an independent and impartial view of
the operation of departmental policy without being burdened with the consequences.

3.7. Whilst policy and shareholder interests are often aligned, there may be circumstances where
the two roles conflict. Particularly in the context of stressed situations (including the challenges being
faced by POL), there can be a degree of divergence between the interests and areas of focus of the
policy and shareholder roles. A separation between the two functions is especially crucial where
conflicts do arise to avoid one or both of the roles being compromised.

Lessons:

1) UKGI must ensure that its operating model does not allow for the performance of policy
functions alongside the shareholder role. The two roles must remain separate. It is an essential
element of the shareholder role that UKGI teams are able to critically assess the impact and
effectiveness of policy in the context of assets and are not unduly influenced by policy
considerations.

2) Particularly in the context of stressed situations, it is possible that there could be a divergence
of interests between the policy and shareholder roles. UKGI teams should endeavour to ensure
there is appropriate separation between the roles to allow them to fully and properly focus on
independently challenging the asset’s performance, without being unduly influenced by policy
objectives they were involved in formulating.

Footnote: Managing Public Money describes this as a guiding principle for all public policy activities:
https://assets.publishing.service.gov.uk/government/uploads/system/uploads/attachment_data/file/994902/MPM_Spring_21_with_annexes_180621.pdf

3) UKGI must critically assess whether the asset is performing in line with the best standards of
corporate governance and be able to brief Perm Secretaries and/or Ministers that red flag
concerns are being raised, even where officials within the policy function may not share the
same concerns.

4) UKGI teams should ensure there is clarity with the relevant Departmental policy team as to who
will lead on mounting constructive challenge of material issues e.g. litigation, particularly as
these may well involve both policy and corporate governance considerations and the
viewpoints of when and how to mount constructive challenge may not always be aligned.

LESSONS LEARNED IN RELATION TO GOVERNANCE — PRACTICAL SUGGESTIONS
Legal Privilege

3.8. We note that the POL General Counsel regularly withheld written information from the POL
Board and shareholder, including the final Parker Review in 2016, and other legal updates. As the Chair
of the POL Board, Tim Parker should have ensured that the Parker Review was actively commissioned
with the view of sharing its findings with the POL Board, and any contrary view offered by the POL
General Counsel should have raised a red flag in terms of willingness to share legal advice with the POL
Board more generally.

Lessons:

1) While it is very important that legal privilege is preserved in relation to legal advice, it is also
important that an asset’s board is able to consider legal risk in the round and is properly
informed of material developments. The shareholder should have visibility of the same. Legal
privilege should not be used to prevent sharing of legal advice. Where UKGI is aware that this
argument is being presented to prevent the sharing of advice to either the board or the
shareholder it should challenge this robustly.

2) UKGI should offer training to shareholder teams on what legal privilege is and how it operates
in practice.

Independent Investigation and Mediation

3.9. The mediation was a very public step toward reconciliation and had the Scheme succeeded it
would have likely prevented a critical mass of SPMRs joining forces in the subsequent GLO. There were a
number of contributing factors that led to the breakdown in the Scheme. The capacity and capability of
Second Sight were a contributing factor in the slow delivery of the Scheme. However, POL arguably took
too legalistic an approach to individual cases and were, in the eyes of the JFSA, not willing to fully
co-operate with Second Sight or consider whether issues with the wider system (training, helpline etc — see
below) could have caused losses.

3.10. As such, the broader merits of the SPMRs’ claims seem to have been missed. BEIS and ShEx kept
at an arm’s length distance from the Scheme, considering it to be an operational matter for POL. Given
the significance of the Scheme’s success for POL, it may have been helpful for the shareholder to
challenge POL further on its willingness to compromise and engage in the process.

Lesson:

1) Where an asset is taking steps to resolve an important dispute with a key group of
stakeholders, UKGI should take steps to gauge whether the Scheme and any key appointed
advisers are capable of delivering the intended objectives. Given the reputational and financial
implications of alternate dispute resolution failing, UKGI should encourage the asset to engage
as fully as possible with the concerns being mounted by the affected stakeholders.

Support for Shareholder NEDs and Teams

3.11. The role of the Shareholder NED will necessarily vary according to the skills and experience of
the individual holding the board seat, and, according to the needs of the specific business during the
period of appointment and the business cycle. Those holding positions on the boards of government-
owned entities will often draw on the support and experience of their teams and colleagues when faced
with challenging issues or discussions as well as [UKGI’s] formal training. UKGI’s own internal risk,
assurance and portfolio processes also provide a safe space where issues can be raised and debated and
knowledge shared, but the role of the Shareholder NED is often a lonely position.

3.12. Inevitably, there are times when the Shareholder NED will need additional support to enhance
the effectiveness of their role. This is particularly the case when there is a need for a Board to step into a
more hands-on role and assume control of a specific issue. In addition, the Shareholder Team may also
require further support from within UKGI to test the approach to the oversight and management of
challenging issues the asset may be facing.

Lessons:

1) In the future, where an asset is dealing with significant operational, legal or other challenges,
UKGI should be assured that the Shareholder NED is receiving sufficient support from the wider
organisation. This may involve arranging for additional targeted support and/or training to
UKGI NEDs over and above the significant training offer that UKGI provides.

2) Further, Shareholder Teams managing assets where there are significant challenging issues
should be encouraged to fully draw on the experience and learnings of other teams who have
faced similar issues and utilise the corporate governance and NED forums, ad hoc portfolio
review process or indeed ExCo as a sounding board.

Board Access to Key Advice — Legal and Non-legal

3.13. We note that at various critical moments in the chronology outlined in section 2 above, the full
POL Board does not appear to have had access to, or to have been consulted on, crucial external advice
(see Annex 2, below). For example, this appears to be the case for the final Second Sight Report and the
Tim Parker Review. This may have hampered the POL Board’s ability to view the assurance being
provided on Horizon holistically.

3.14. In addition, throughout the early stages of the GLO, updates were provided to the POL Board
verbally by the General Counsel. This was framed as intended to protect legal professional privilege.
However, the protection of legal privilege should not be used to prevent the full sharing of information
with the POL Board and Shareholder Teams. With the benefit of hindsight, it appears that the Board
were not fully aware of the detail of the legal advice received in respect of the GLO, and were therefore
unable to properly calibrate the level of risk involved or garner a full appreciation of the complexity of the
issues.

Lessons:

1) UKGI should actively encourage boards to request assurances from the executive team that
they are seeing all commissioned advice in relation to challenging issues and should have the
opportunity to input into the scope of advice commissioned, read the advice obtained in full,
and directly meet with the advisers providing the assurance.

2) UKGI shareholder teams (particularly shareholder NEDs) should encourage the executive to
actively share material legal advice with an asset’s board to ensure the board has full visibility
and the legal advice being presented is not being overly simplified, inadvertently diluted or
coloured by the views of the executive. Particularly where an asset is facing material litigation,
there is no substitute for an asset’s Board seeing legal advice in full and gauging how
questions are being posed and risks opined upon. As per the litigation protocols UKGI puts in
place with its assets, this flow of information should also come into the relevant Department
and Shareholder Teams. See the related lesson at paragraphs 4.3 and 4.4 below.

Skill set of asset’s Boards

3.15. As was the case for Magnox, it appears that the POL Board may not have been sufficiently
robust in challenging the POL executive, nor was it fully informed of the relevant facts at the appropriate
time. It also appears that the POL Board may not have fully understood the complex IT issues posed by
the Horizon system or the external assurance (and any limitations of such assurance) that it did receive
on the robustness or reliability of Horizon. Between 2012-2020, POL did not have a NED on the Board
with specialist IT skills and in hindsight, such experience could have benefitted the POL Board
enormously.

Lessons:

1) Particularly where assets are experiencing significant challenges, UKGI should encourage an
asset’s board to further reflect on whether it has the necessary skill set and experience,
particularly where the issues are technical in nature such as those being raised in relation to the
Horizon IT system. Where specific or specialist skills cannot be retained, the Board could
consider obtaining further technical expertise on certain issues via the appointment of a Board
adviser.

2) It is always important for an asset board to have access to a range of skills that are appropriate
to the nature of its business, the challenges the asset is facing, and the market in which it is
operating. UKGI Shareholder teams should undertake regular [annual] reviews of board skills in
conjunction with an asset’s Chair to inform succession plans and board member appraisals.
Such reviews should also consider whether, in the round, Shareholder Teams are satisfied with
the range and level of skill around the board table. Where an asset board has a need for
additional or specialist skills, whether on a permanent or temporary basis, UKGI shareholder
teams should be encouraged to make appointments to asset boards, even where this may take
the total membership above the suggested maximum levels.

LESSONS RE-LEARNED IN RELATION TO LITIGATION
Oversight of the litigation

4.1. As UKGI learned in the Magnox competition, it is crucial at the outset of any substantial
litigation that UKGI should agree with the relevant department, and its lawyers, how oversight of the
litigation will be provided. Until mid-2018, other than the visibility that UKGI gained via the Shareholder
NED on the POL Board, UKGI and BEIS were not sighted on the detail of the legal advice relating to the.
Post-2018 (and following the application of Magnox lessons to the POL litigation) UKGI and BEIS
increased visibility and opportunity for challenge significantly, however it took the unexpected adverse
outcome of the Common Issues judgment and growing media/parliamentary pressure to catalyse POL's
engagement with HMG (at both an official and Ministerial level).

4.2. More developed engagement with POL from the early stages of the litigation could have helped
establish more collaborative interaction between the POL and shareholder teams throughout the
process, rather than having to strive to ‘change the model’ which POL were initially resistant to.

Lesson:

1) Going forward, the UKGI shareholder team must work proactively with assets to ensure that, as
per best practice, the framework document includes provisions for litigation updates and
protocols where necessary, and to establish the framework of transparent information sharing in
respect of litigation as the ‘second nature’ approach in respect of substantial litigation.

Asset’s legal capability

4.3. One of the key findings in the Magnox lessons learned was that where a substantial legal
challenge is mounted against an asset, UKGI should assure itself of the asset's internal legal capability.
The UKGI board may recall that in the context of Magnox, the NDA’s in-house legal team was not
sufficiently experienced or staffed for the ES litigation and that while UKGI insisted on additional
internal resource after the judgment was rendered, this should have been done earlier.

4.4. With respect to the GLO, POL had a large in-house legal team and a plethora of support from
external legal advisers. However, POL's entrenched view was that the Horizon case was without merit
and while the POL General Counsel provided verbal updates to the POL Board as the litigation
progressed, there does not appear to have been much written briefing, little discussion of strategy and
no record in the board minutes of challenge.

4.5. From 2018, UKGI made several attempts to engage with the POL General Counsel to develop a
clear contingency strategy and to consider the merits of settlement although this was met with
significant reticence. This was due to a reluctance on the part of the POL General Counsel to share
information with the shareholder on the basis that it might jeopardise the protection of POL’s legally
privileged advice.

Lessons:

1) In the future, from the early stages of litigation, the UKGI shareholder team [must assure itself of
the quality and capability of an asset’s team and] must secure, via a litigation protocol if
appropriate, a regular flow of information from the asset and into UKGI and the relevant
Department, including the underlying legal advice.

2) Shareholder teams must be conscious that concerns in respect of capability are not limited only
to capacity or skill set of the asset’s legal team, but should also take into account the fatigue
effect of litigation and the possibility of the team adopting a ‘hive mindset’ which inhibits
constructive challenge in respect of strategy and approach.

3) UKGI shareholder team must ensure that they foster a good relationship with an asset’s General
Counsel, including where there is material litigation, asking them to attend Quarterly
Shareholder Meetings.

Litigation Strategy and Mitigation of Legal Risk

4.6. The UKGI board may recall that throughout the Magnox litigation, the NDA Executive Team
portrayed the litigation as a “try-on” and entirely without merit. However, litigation is universally
recognised to be uncertain, and even a small risk of a very significant set-back requires mitigation. One
of the key Magnox lessons learned was that UKGI should ensure a full discussion of the legal strategy to
ensure risk mitigation has been fully considered.

4.7. In a similar vein to Magnox, and as set out above, POL's entrenched view was that the Horizon
case was without merit. While certain positive steps were taken in 2018, UKGI’s attempts to engage
with POL’s legal team on legal strategy were met with a degree of resistance and opportunities to
influence outcome were lost. For example, only seeking a merits advice five months away from the
Common Issues trial meant there was insufficient time for the parties to seek to mediate the dispute
(particularly as they had to prepare for the trial during that time).

Lessons:

1) In the future, where an asset is defending material litigation, UKGI must work with the asset to
assure itself that the asset is implementing a robust litigation strategy informed by proper
contingency planning and an understanding of the various possible outcomes (financial,
operational, reputational) based on a range of scenarios (worst to best). Any strategy needs to
consider settlement options and, in significant litigation, be tested by second opinions.

2) UKGI must encourage the asset to get merits opinion at an early stage and consider getting a
second opinion from a claimant friendly QC to provide balance.

3) In certain circumstances, the asset’s board could also seek to employ its own litigation expert or
board advisor to help the board assess the risks the litigation poses to the company and to help
them mount robust challenge of the asset’s legal team.

Note that all the above is even more critical when litigation funders are involved. That fact will also
influence the litigation strategy as litigation funders will be very influential in any settlement
discussions.

The Importance of Multiple Legal Opinions

4.8. As per the Magnox lessons learned, UKGI should insist that the asset consider more than one
external legal opinion to ensure that legal advice and identified risks are thoroughly tested. Further, it
should ensure that any opinions and their authors are put before the asset’s board so that the board is
able to take strategic decisions with proper calibration of legal risk. It is also important to understand
the instructions on which these opinions were provided as these may also indicate conscious or
unconscious bias, or entrenchment of views.

4.9. POL received significant support in relation to Horizon before litigation was contemplated and
once it had commenced. POL had external civil solicitors and a team of counsel, including two QCs,
advising on the GLO. The advice POL received on the strength of their legal case entrenched their view
that their chances for winning the GLO were very strong. For example, in relation to the Common Issues
trial, Linklaters provided advice on the parties’ obligations under the contract, which firmly supported
POL’s position that the burden was all on the SPMRs.

4.10. However, a merits opinion was not sought until mid-2018 and there was only limited
consideration of settlement options. A review of the POL Board minutes indicates that, in particular
prior to 2018, litigation discussions at the POL Board were primarily precipitated by a verbal update
from the POL General Counsel and that the POL Board did not have regular direct access to legal advice
or advisors.

Lessons:

1) UKGI must consider and challenge legal advice received by assets in respect of key litigation and
seek to ensure it is satisfied that counsel assessment / recommendations have properly addressed
all relevant points.

2) Where the UKGI shareholder team identify the possibility that the asset legal team have become
entrenched in their views, they might consider whether it is appropriate to commission a second
opinion or alternative form of challenge to ensure the litigation strategy remains agile and
capable of reacting to unexpected events.

Challenging an Asset on its Choice of Legal Adviser

4.11. As per the Magnox lesson learned, in substantial litigation cases, challenging the board on an
asset’s choice of legal advisers is key. After the judgment in the Common Issues trial was handed down
in March 2019, the POL Board, including the Shareholder NED who played an instrumental role, pushed
for and were successful in causing POL to: (a) change its legal team, including the exit of POL's General
Counsel in 2019 from the business and the engagement of a new external law firm, and (b) develop a
strategy for settlement. Without these key changes, reaching a settlement at that time would have been
incredibly problematic.

Lesson:

1) In line with the Litigation Guidance UKGI has developed, in future UKGI must be included on
an asset’s decisions on when to consult or engage new lawyers for refreshed thinking on a
course of action. The UKGI shareholder team must also consider periodically whether an
asset’s legal team composition remains effective and appropriate at the relevant point in the
litigation, to allow them to flag to the asset if they feel such consideration is necessary.

ANNEX 1

TIMELINE OF KEY EVENTS

Key: Precursors to Litigation; Litigation Milestones; ShEx/UKGI Involvement; Wider HMG Involvement

July 2012: In response to the claims, POL and JFSA jointly commissioned an independent firm of forensic accountants, Second Sight, to examine Horizon for evidence of flaws which could cause accounting discrepancies

8 July 2013: Second Sight issue an interim report, finding no evidence of systemic flaws. The Post Office Minister (then Jo Swinson) gave an oral statement in the House of Commons on these issues

Autumn 2013: POL established the Complaint Review and Mediation Scheme (Scheme) in consultation with JFSA, MPs and Second Sight as an avenue for SPMRs to raise individual concerns. 136 individual cases were accepted into the scheme and investigated

March 2014: Richard Callard is appointed as the successor NED on the POL Board. The NED also sat on the POL Board subcommittee (Sparrow) dealing with the Scheme

July / September 2014: Second Sight produce their second report which describes branch operating procedures and related Horizon functions. Second Sight raise specific concerns and POL publishes a response

17 December 2014: Westminster Hall Debate on Horizon issues and the Scheme

3 February 2015: BIS Select Committee hearing on Horizon issues and the Scheme

March 2015: The Scheme closed. 41 of the 136 cases had been resolved. POL write to the Post Office Minister outlining the outcomes of the scheme. Sparrow subcommittee disbanded

March 2015: BIS Select Committee wrote to SoS Vince Cable on Horizon issues

April/May 2015: Final Second Sight report published, and POL publishes its response. CCRC announces it will consider the cases from SPMRs

7 July 2015: Baroness Neville-Rolfe agreed with ShEx advice that HMG should keep its distance from the dispute (a matter for POL) and resist JFSA calls for further independent investigation

October 2015: Tim Parker appointed POL Chair and tasked by Baroness Neville-Rolfe with conducting a review into the issues. Support is provided by a QC

10 September 2015: Early Day Motion tabled on Horizon issues

March 2016: Tim Parker writes to Baroness Neville-Rolfe advising as to the outcome of his review and the further actions he was taking [Preliminary conclusion of the review by the POL Chair finds no systematic problem with the Horizon system]

April 2016: A High Court claim was issued against POL

May 2016: Baroness Neville-Rolfe agreed with ShEx advice to continue the approach that it is a matter for POL to resolve [Review halted following legal proceedings lodged against POL by the JFSA. CCRC also initiate review of the POL cases]

Side panel:
POL Chair/CEO Meetings
Information flow: no Board Packs. Constant flow of information between the Team and POL counterparts
Risk Reporting: per BIS processes. Including risk register and portfolio

Side panel:
2014 — 2018
• NED relationship: NED (Richard Callard) is the Head of the Team
• Team: Policy, commercial and governance functions combined
• […] Special Share
• Meetings: QSMs, Monthly Finance Meetings (POL CFO), Head of ShEx POL Team / POL Chair/CEO Meetings
• Information flow: Team receive all Board Packs. Constant flow of information from POL to the Team
• Risk Reporting: UKGI risk register capturing key risks to POL and UKGI, together with regular Portfolio Reviews

March 2017 Group Litigation Order was made

October 2017 Case Management Conference set out litigation stages and issues to be addressed. Approximately 550 claimants had joined the litigation

March 2018 Richard Callard is succeeded by Tom Cooper as the NED on the POL Board. POL Board subcommittee established to oversee the litigation

July / August 2018 BEIS Post Office Policy Team set up to cover policy engagement on POL. The UKGI Shareholder Team carry out the commercial and governance functions only.

17 October 2018 POL’s CEO and Legal Counsel briefed Minister Tolhurst and the Permanent Secretary on upcoming trial, merits opinion and contingency planning for dealing with an adverse outcome in the GLO

5 November - 6 December 2018 "Common Issues" Trial to determine the terms of the contract in force between POL and SPMRs, including implied terms, by examining “23 common issues”

March 2019 - November 2019 POL engage a new legal team (Herbert Smith Freehills) and focus on developing and implementing a settlement strategy

11 March 2019 "Horizon Issues" Trial commenced to look at 15 issues in relation to the integrity of Horizon, most significantly the reliability of Horizon and the extent to which it was the root cause of shortfalls in postmaster branches

15 March 2019 Judgment on Common Issues Trial (CIJ), finding that POL’s contract with postmasters is relational and, as a consequence, various terms must be implied into it that put the onus on POL to establish that losses were caused by SPMRs. The judge also criticised POL for its handling of the case and for its conduct in dealing with the claimants.

March - June 2019
* Horizon Issues Trial suspended following recusal application by POL on 21 March; this application was refused on 9 April, appealed to the Court of Appeal on 11 April and refused again on 9 May
* Horizon Issues Trial resumes on 4 June
* POL’s application for permission to appeal the CIJ denied on 23 May and POL apply to Court of Appeal for permission to appeal the CIJ on 13 June

November 2019 Permission to appeal the CIJ rejected by the Court of Appeal on 22 November. Mediation between POL and claimants begins

10 December 2019 Settlement Agreement reached: POL agreed to pay £57.75m and to set up the Historic Shortfall Scheme (HSS) to address shortfalls suffered by other SPMRs not part of the GLO

16 December 2019 Judgment on Horizon Issues Trial. The parties had received a draft of this judgment before they reached the settlement on 10th December 2019 so were fully aware of its contents

26 March 2020 The CCRC announce their intention to refer 39 cases of convicted SPMRs to the Court of Appeal

3 June 2020 The CCRC announce a further 8 referrals to the Court of Appeal (47 total)

2018 - present
* NED relationship: NED is the Head of the Team
* Team: BEIS Policy Team created to have oversight of policy. UKGI Team cover commercial and governance functions. High level of collaboration between BEIS and UKGI.
* Governance framework: BEIS/UKGI MoU agreed Dec 2019. BEIS/UKGI/POL Framework Document agreed [x] 2020.
* Meetings: QSMs, Monthly Finance Meetings (POL CFO), NED / POL Chair Meetings, together with regular meetings between BEIS SoS, POL Chair, NFSP and ad hoc meetings.
* Information flow: Team receive all Board Packs. Constant flow of information from POL to the Team
* Risk Reporting: UKGI risk register capturing key risks to POL and UKGI, together with regular Portfolio Reviews


ANNEX 2

[POL ASSURANCE — TO BE COMPLETED]

‘Horizon: Desktop Review of Assurance Sources and Key Control Features’ and an accompanying ‘Board Briefing’ prepared by Deloitte Report in May and June 2014 (Project Zebra)

Scope
* Deloitte review consisting of: (i) a desktop exercise to assess the control framework within which Horizon operates; and (ii) an assessment of the integrity of the Horizon processing environment at implementation (i.e. to determine whether Horizon was set up correctly); and (iii) a response to the most significant thematic issues raised by Second Sight.
* Limited in scope and detail. Based primarily on a review of documents and from discussions with POL and Fujitsu as to the design of Horizon. Review did not involve independent testing of Horizon or a review into the extent to which the documents supplied correctly reflected the implementation of Horizon.
* Deloitte proposed a second phase of work (particularly looking into non-traceable “phantom” transactions) which would entail a deeper dive assessment, but phase two did not take place.

Key Findings
* Identified a lack of monitoring controls in relation to some matters but did not find that the system as designed would not deliver its operational objectives.
* Deloitte could not confirm the design features identified were implemented and operated as described and suggested that further work be undertaken to verify this.
* Raised two means by which appropriately authorised users at Fujitsu could theoretically remotely alter branch transaction data (picked up in the Parker Review).
* The report contained suggestions to POL management on additional activities which could be performed to provide further comfort to POL relating to Horizon.

Seen by whom
* The POL Board was provided with the draft Project Zebra findings and an executive summary of the Deloitte report in late April/May 2014.
* The final full Desktop Assurance Review was shared with POL on 23 May 2014.
* Deloitte provided a briefing to the POL Board 4 June 2014.

Second Sight Part Two Report issued on 9 April 2015

Scope
* Considered whether there were systemic issues and / or concerns with the Horizon system, including training and support processes.

Key Findings
* The contract between POL and SPMRs was not always provided to SPMRs and the contractual terms, placing responsibility for losses on SPMRs, were “unfair”.
* Horizon insufficiently error repellent, in that “the majority of branch losses were caused by ‘errors made at the counter’”, which could have been avoided if the systems had been improved.
* Made findings that indicated that Horizon had the potential to result in branch account losses.
* Concluded that Fujitsu did have and may still have had the ability to directly alter branch records without the knowledge of the relevant SPMR.

Seen by whom
* First draft shared with POL in March 2014.
* Some, but not all, members of the POL Board were informally kept apprised of the various Second Sight drafts.
* Final report issued to POL on 9 April 2015.
* Not possible to confirm that the entire POL Board was provided with a copy of the Second Sight Part Two report, however the CEO did inform the POL Board when the report was disclosed to applicants.


The Parker Review issued on 8 February 2016

Scope
* Review into POL’s handling of the complaints made by SPMRs regarding the alleged flaws in Horizon, and determination of whether the processes designed and implemented by POL to understand, investigate and resolve those complaints were reasonable and appropriate.
* Analysed four areas: (i) criminal prosecutions; (ii) the Horizon system; (iii) training and support provided to SPMRs; and (iv) the mediation scheme investigations of individual cases. In relation to all four areas the review sought to address two principal questions: firstly, what had already been done in the 2010-2015 period and, secondly, what further work could be done to plug any remaining gap.

Key Findings
* Accepted that the Horizon system works effectively and accurately ‘the overwhelming majority of the time’.
* Did not find evidence that suggested the bugs identified were the cause of wider loss to SPMRs.
* In relation to thematic issues identified by Second Sight, agreed with the analysis of POL and Fujitsu that few, if any, of those issues could sensibly be said to relate to any error in the operation of the Horizon system.
* Found that in May / June 2014, POL was aware that Fujitsu did have, and may still have had, the ability to directly alter branch records without the knowledge of the relevant SPMR (Project Zebra).
* Found that the ability of certain restricted individuals in Fujitsu to create transactions directly in branch ledgers which do not require positive acceptance or approval by SPMRs (Balancing Transactions) was problematic as the existence of the Balancing Transaction Capability and the wider ability of Fujitsu to ‘fake’ digital signatures were contrary to the public assurances provided by Fujitsu and POL about the functionality of the Horizon system.
* Made eight recommendations, including that further work be carried out to address findings.

Seen by whom
* Managed by Jane MacLeod and the POL Legal Team.
* Does not appear to have been shared with or discussed formally at the POL Board.
* High-level summary of findings shared with Baroness Neville-Rolfe on 4 March 2016.

Project Bramble issued in July 2018

Scope
* Deloitte engaged in the context of the GLO to examine POL’s position in response to a number of allegations in relation to the Horizon system.

Key Findings
* Identified two ways in which Fujitsu could alter branch accounts on Horizon Online which POL considered to be particularly material.
* Found that the system controls across Horizon Online were robust.

Seen by whom
* Discussed by the GLO Steering Group and then shared by Jane MacLeod with the Group Executive.
