UKGI00048174
UKGI00048174
Confidential and Legally Privileged — do not disclose outside UKG/ without consulting the
UKGI Legal Team
UKGI PRELIMINARY INTERNAL REVIEW INTO THE POST OFFICE AND THE
HORIZON IT SYSTEM
1. INTRODUCTION
Purpose and Scope
1.1. The purpose of this document is to provide a preliminary view of the key facts relating to the
involvement of the Shareholder Executive (“ShEx”) and UK Government Investments Limited (“UKGI”) in
matters relating to the Post Office Limited’s (“POL”) Horizon IT system (“Horizon”), and in particular the
events leading to the commencement of the sub-postmasters (“SPMRs”) litigation which was settled in
December 2019 (Section 2). Its primary aim is to provide the UKGI board with a high-level understanding
of the shareholder role UKGI performed with respect to POL and to develop reflections on lessons to be
learnt from a corporate governance perspective, which will be disseminated and applied across the UKGI
portfolio at the appropriate time. This report cannot substitute the more detailed work that will be
required of UKGI as it co-operates with the Post Office Horizon IT Inquiry (“Inquiry”), for example the
collection of core documentation and provision of witness evidence, which will provide a more detailed
view of key events.
1.2. At present, this report does not currently cover in detail POL or ShEx/UKGI’s knowledge of Horizon
related convictions. Nor does it examine in any detail the work of the Criminal Cases Review Commission
(“CCRC”) who were reviewing postmaster convictions from [2015]. Following the Inquiry’s conversion
from a non-statutory process to a statutory footing on 1 July 2021 and the associated update to its Terms
of Reference!, subsequent versions of this report will seek to understand UKGI’s knowledge of the
criminal prosecutions of the SPMRs. UKGI Legal will not be in position to provide further detail on the
issue of criminal convictions until it has completed a detailed disclosure exercise of the relevant historical
records’, The reader should also be aware:
a. The review has been completed at a high-level and has not included an exhaustive search of
relevant material at this stage or formal interviews with relevant staff (although some
engagement from UKGI staff has been undertaken as part of drafting this report)®. The
summary of key facts and events will be subject to a degree of evolution as UKGI establishes
amore detailed and thorough understanding of the relevant facts; and
b. A principal aim of this review is to form a preliminary view on what lessons can be learned
to better inform the performance of UKGI’s shareholder role in the future. This includes
providing initial observations on how the lessons learned following our internal review of our
Magnox role (in late 2017) were adopted. As UKGI’s understanding of the relevant facts
evolves as a result of its engagement with the Inquiry, we envisage that further refinement
+ https://www.gov.uk/Government/publications/post-office-horizon-it-inuiry-2020/terms-of-reference
2 Note that this disclosure exercise will be completed in line with the published terms of reference of the Post Office Horizon IT
inquiry.
3To date, the review exercise which has been completed comprises:
- 1% jine review by Eversheds Sutherland LLP (“ESI”) of approximately 50,000 documents (including records from the
current UKGI filing system, historic filing systems, hard copy archives and email inboxes of key individuals);
- _ 2™!line review by ESI of approximately 13,000 of the above documents deemed relevant to the response to the Horizon
IT Inquiry; and
- Detailed review by the UKGI internal review team of approximately 300 core documents.
UKG100048174
UKG100048174
and additions to these lessons will be required. UKGI Legal will work closely with the UKGI
Portfolio team to determine how best to disseminate any final lessons across UKGI
Shareholder Teams and the wider portfolio.
1.3. This review was commissioned by the Board of Directors of UKGI (the “UKGI Board”).
1.4. Some information in this review has been drawn from legal advice that POL has received, in
particular following investigations and reviews conducted by POL’s external barristers. These pieces of
advice have been shared with UKGI under the terms of a protocol agreed with POL which expressly
preserves POL’s Legal Professional Privilege in, and the confidentiality of, this information.
1.5, This preliminary report is intended for use only by UKGI.
UKGI00048174
UKGI00048174
2. BACKGROUND TO THE POST OFFICE, HORIZON IT SYSTEM AND THE DISPUTE
WITH SUB-POSTMASTERS
2.1. A timeline of the key events listed below has been included at Annex 1.
The Post Office — recent ownership and status as a Public Corporation
2.2. POL is classified as a Public Corporation* and has operated as a company independent from Royal
Mail since 1 April 2012. POL is wholly owned by the Secretary of State for Business, Energy and Industrial
Strategy (“BEIS”) (the “Secretary of State”). Given POL’s size and commercial nature, the Secretary of
State through BEIS delegated its role as shareholder in POL to ShEx (which was then transferred to UKGI,
see paragraph [2.7] below). The prevailing culture within the Royal Mail Group (“RMG”), which was partly
inherited by the incoming POL leadership team, was one of fierce independence. For example, basic
information was often difficult to access.° It was in this context that ShEx began to perform a shareholder
role and embed a Shareholder Non-Executive Director (“NED”) position for POL in 2012. There was no
Shareholder NED position (or any equivalent) appointed to the board of RMG.
2.3. As a Public Corporation, POL is designed and intended to operate at a distance from Ministers
and Government: Public Corporations should have appropriate levels of freedom to exercise commercial
judgement, within appropriate governance arrangements that protect the relevant departments.® While
the board of directors of POL (the “POL Board”) is accountable to (and in certain matters, requires the
consent of) the Secretary of State for the performance of POL, it is solely the POL Board that has
responsibility for and control over, the day-to-day operations and management of POL.
2.4. There is no single, agreed definition as to what effective oversight of a public corporation entails.
Therefore, in determining the appropriate level of oversight and control to be exercised over POL,
Government must take into account the fact that POL has been constituted with an independent board
and expert management team. While BEIS places a number of policy requirements on POL and has certain
rights and controls as shareholder and as lender under various funding documents’, the governance in
place seeks to preserve POL's independence as far as possible. Government also requires POL to create
and manage its own corporate processes and ensure good corporate governance.® The degree of control
and oversight that Government has over a Public Corporation should be both reasonable and
proportionate to the Public Corporation's functions and risk profile. Accordingly, what is appropriate in
terms of oversight is subject to change; as POL's risk profile has increased so too has the degree of
oversight exercised by Government.
2.5. In the period immediately following POL’s separation from Royal Mail [up to 2016-17], the
company’s priorities were many, varied and in some cases, existential, including: securing sufficient
funding to deliver both policy priorities and commercial services (including Government services), aiming
POL is classified as a Public Non-Financial Corporation ("Public Corporation") by the Office for National Statistics.
5 The Shareholder Team recollects the Royal Mail Group operating within a strong regulatory environment with a binary, or
legalistic culture within the organisation. The Hooper review had increased the emphasis placed on mails as a business, resulting
in POL receiving comparatively less focus at a group level: https://www.gov.uk/Government/news/Government-publishes-
hooper-royal-mail-update.
® See for reference, Chapter 11 of HM Treasury's Consolidated Budgeting Guidance 2020-21:
https://assets. publishing. service.gov.uk/Government/uploads/system/uploads/attachment_data/file/876155/CBG_for_pu
blication.pdf
7 Since 2007, a Funding Agreement and Entrust ment Letter between BEIS and POL has been in place (as amended from time to
time), which imposes conditions and restrictions on the funding provided by BEIS (in essence, these agreements set out BEIS's;
policy objectives and expectations from POL). Since 2003, a Working Capital Facility between BEIS and POL has been in place (as
amended from time to time), whereby POL can access funds for working capital purposes, which imposes certain contractual
restrictions/undertakings on POL (for example the incurring of additional debt).
8 [Reference to Accountable Person appointment letter to be included]
UKGI00048174
UKGI00048174
for financial self-sufficiency in the medium term; dealing with a substantial pensions deficit; and leading
what can effectively be described as the UK’s largest ever retail transformation across its network. This
was alongside defining and embedding a new operating model (including through the newly established
POL Board). Whilst Horizon was undoubtedly a known issue, the above were seen as more significant
threats in the context of business that was substantially loss-making.
2.6. In line with its adoption of the UK’s Corporate Governance Code (from POL’s inception), POL’s
Board underwent regular board effectiveness reviews. Whilst not occurring on an annual basis, a review
of the board’s effectiveness took place in summer 2013 (conducted internally, likely by the Chair), in
March 2015 (conducted by the Chair with a written report shared with the full board), between November
2016 and January 2017 (conducted externally) and in December 2018 (conducted by the Senior
Independent Director (“SID”) which also covered board sub-committees). Whilst board members
consistently highlighted issues with the quality and density of board papers, there is only a single
reference in the materials we have been able to discover to there being any tension between the
challenge posed by non-executives to the management team, where this was felt to be intrusive (March
2015) and no references to the POL Board being focused on the ‘wrong’ issues.'®
ShEx and UKGI involvement
2.7. ShEx was originally established in September 2003 as part of the Cabinet Office and with its own
advisory board (as was the custom for Executive units created at that time)" and, since its establishment,
has played a role both in relation to RMG and POL. In 2004, ShEx transferred to the then Department of
Trade and Industry (BEIS’s predecessor organisation), retaining a role for its advisory board as part of the
transfer, where it remained until 2016. In April 2016, ShEx’s functions were transferred alongside UK
Financial Investments Limited (a Government company 100% owned by HMT) to create UKGI in the form
it exists today.
2.8. Alongside the evolution of the Shareholder role (set out in paragraphs [2.11] to [2.20] below),
ShEx and UKGI’s oversight also evolved over the same period. From 2009, ShEx’s operations were
overseen by an advisory board alongside internal processes to peer review Arm's-Length Bodies (“ALB”)
performance, governance and simple risk reporting. The UKGI Board (which converted into a fiduciary
board upon the creation of UKGI in 2016 as a limited company) oversaw a number of changes to UKGI’s
performance, focusing on risk management. Specifically:
a. UKGI's internal processes of risk management became more rigorous, underpinned by a clear
methodology, and also subject to senior and peer review;
b. Risk register discussions became standing items at each UKGI Board meeting: where
significant risks are highlighted in the overall risk register, these form bespoke discussion
papers for the UKGI Board to consider;
c. Anew risk category (‘Purple Projects’) to capture [ad hoc] project work was introduced in
mid-2020;
d. Portfolio reviews, routinely used as a form of peer review, gained a more precise structure
and role reporting to a Portfolio Director;
e. The UKGI shareholder role model was enhanced and standardised and formal MoUs were
entered into with client Departments; and
f. Steps were taken to improve practitioner knowledge and training in corporate governance
underpinned by a structured training programme.
°To add context, at the time POL was operating more branches than all the major banks and supermarkets combined.
1 See POL Board minutes of 29 October 2014, 25 March 2015, 24 November 2016, 31 January 2017 and 29 January 2019.
11 See also the Better Regulation Executive
UKGI00048174
UKGI00048174
2.9. Prior to 2012, during the period in which POL was a subsidiary of RMG, there was a team within
ShEx which had responsibility for oversight of the Post Office functions and policy responsibility for POL
(including supporting departmental ministers in Parliamentary or other stakeholder engagement). This
team reported, alongside a similar team focused on the performance of Royal Mail, to a Director within
ShEx responsible for the oversight of RMG as a whole. The role performed by the Shareholder Team pre-
2012 was not, in many ways, fundamentally different to the role that the Shareholder Team perform
today insofar as reviewing financial and performance reports, reporting on risk and securing sufficient
Government funding to deliver the department’s policy objectives. However, the context within which
the Shareholder Team was operating was different and informed the way in which the Shareholder Team
performed their role; in particular:
a. in terms of governance, Government relied on its rights as shareholder of a special share in
Royal Mail Holdings, which afforded Government: (i) consent rights over certain actions of
Royal Mail Holdings (including in relation to POL) and (ii) as set out in POL's Articles of
Association (“Articles”); the ability to request information from POL (and released POL
directors from obligations of confidentiality in sharing any such information with
Government);
b. [Drafting Note: additional context and description of the shareholder role between 2004 -
2012 to be included following interviews with relevant staff and further examination of
documents]; and
c. POL, prior to 2012, was not an independent company but a subsidiary of the RMG; there was
no board of the Post Office (a POL representative sat on the board of Royal Mail Holdings)
and Government did not hold a board position on Royal Mail Holdings. As such, the
Shareholder Team had limited visibility and relied solely on information provided to them (in
accordance with POL's Articles) in the context of the various regularised meetings with POL.
For example, the Shareholder Team met the POL senior management team on a monthly
basis to discuss POL’s performance and on a quarterly basis, to discuss more strategic and/or
long-term matters.’
2.10. As best as we have been able to determine to date, the pre-2012 POL team focused on funding
agreements, network transformation, industrial action (including taking forward relevant policy
processes), but did not focus on broader governance issues as the Shareholder Team does now,
particularly as Government did not hold a board position on Royal Mail or POL at this time. In sum, given
the overall focus of ShEx at the time, it appears that the POL team would most likely have been focused
on commercial and financial performance of the business within the RMG. *
ShEx/UKGI role post-2012: An overview
2.11. In order to understand the role of UKGI with respect to POL from 2012 onwards, we think it is
useful to first remind the reader of the role performed currently. Today, the shareholder role that UKGI
performs with respect to POL is characterised by:
a. asenior UKGI employee being both (A) the shareholder representative NED on the POL Board
("Shareholder NED") and (B) head of the UKGI Shareholder Team ("Shareholder Team"),
® Recollections of Will Gibson, ED within the Shareholder Team 2012.
13 See NAO Report into ShEx performance https://www.nao.org.uk/report/the-shareholder-executive-and-public-sector-
businesses/.
UKGI00048174
UKGI00048174
ensuring a high level of visibility on POL Board matters for the Shareholder Team and creating
a direct connection between the Shareholder NED and Shareholder Team;
b. a Shareholder Team focused purely on commercial and governance matters, with a
dedicated BEIS Policy Team taking the lead on policy;
c documented governance arrangements, between (A) BEIS and UKGI, through a
Memorandum of Understanding ("BEIS-UKGI MoU") and (B) BEIS, UKGI and POL, through
the 2020 Framework Document, that sets out key agreed principles of the relationships
between stakeholders; and
d. established corporate reporting procedures, through regular UKGI portfolio reviews, which
challenge the Shareholder Team on key issues, and risk registers, both with UKGI Board
oversight.
2.12. Certain elements of the shareholder role set out above have been consistent features throughout
the period from 2012. For example, a Shareholder NED being on the POL Board, the existence of a
dedicated Shareholder Team within ShEx/UKGI and formalised meetings, such as a quarterly shareholding
meeting, together with informal information flows between the Shareholder Team and POL.
2.13. Notwithstanding these consistencies, the way in which the shareholder role has been performed
by ShEx/UKGI has evolved over the past nine years. For example:
a. From 2012-2016, the Shareholder Team operated within the Department for Business,
Innovation & Skills (“BIS”) and within the objectives of ShEx, which were more heavily
weighted to a corporate finance focus, partly in reflection of the purpose of ShEx’s creation;
b. Specifically, in relation to POL, the Shareholder Team’s focus was on the commercial and
financial sustainability of the business which presented more existential challenges, although
governance was a feature of the shareholder model (alongside a policy function’»);
c. From 2014-present, the Shareholder NED on the POL Board was also the head of the
Shareholder Team; the lack of this link before this period, informed the level of information
received prior to 2014;
d. From 2016 onwards, ShEx and the Shareholder Team moved from being part of BEIS to UKGI,
a company with an independent board and separate responsibility for asset risk oversight;
as such, the approach to portfolio reviews and monitoring risk developed significantly from
2016 onwards; and
e. From 2018, the governance and oversight of POL was further codified and enhanced in
response to the Group Litigation Order (“GLO”) and other challenges facing POL.
2.14. The key differences and developments in each of the periods 2012-2014, 2014-2018 and 2018-
present are summarised below.
Shareholder Role: 2012-2014
2.15. In terms of the landscape in 2012, ShEx had responsibility for both the shareholder role and policy
role. Prior to the BEIS-UKGI MoU being agreed in 2016, there was no formal description of ShEx/UKGI's
4 See for example, ShEx Annual Review 2012-13
https://assets. publishing. service.gov.uk/Government/uploads/system/uploads/attachment_data/file/260598/bis-13-405-
shareholder-executive-annual-review-2012-13.pdf and ShEx Annual Review 2013-14
https://assets. publishing. service.gov.uk/Government/uploads/system/uploads/attachment_data/file/368125/bis-14-405-
shareholder-executive-annual-review-2013-14.pdf
15 At the time, the Shareholder Team recollects that network size and stability were also primary drivers of the commercial and
financial needs of the business and were therefore a clear area of ShEx’s focus.
UKGI00048174
UKGI00048174
role. As civil servants embedded in the shareholding department, it would not have been unusual for
there to be no specific description of the role ShEx undertook.!° The governance levers available to UKGI
as shareholder representative were set out in POL's Articles which set out the rights attached to HMG's
shareholding, including for example, an detailed list of reserved matters for the POL Board and other
documents such as the Funding Agreement and Entrustment Letter.!”
2.16. In April 2012, the first Shareholder NED, Susannah Storey, was appointed to the POL Board (and
in contrast to the position today, was not on the Audit & Risk or Remuneration Committees). Unlike the
subsequent Shareholder NEDs (from 2014 onwards), Susannah was, by design, not part of the
Shareholder Team’®: at the time of appointment in 2012, the Shareholder Team was in the process of
negotiating the Funding Agreement with POL and we understand that there was, therefore, resistance
from POL to having a member of that Shareholder Team also sitting on the POL Board (where POL's
approach to those negotiations would be discussed). This meant that the Shareholder NED, while a
representative of ShEx and performing a key role in terms of bringing Government experience and
perspective to the POL Board, was purposely detached from the Shareholder Team; a clear illustration of
this being the fact that Board papers received by the Shareholder NED were not shared with the
Shareholder Team.’®
2.17. While the Shareholder NED did meet regularly with the head of the Shareholder Team, which
allowed for an informal information flow from the POL Board (and vice versa), there was not the same
level and regularity of interaction and visibility as there is today where the Shareholder NED is actively
supported by the Shareholder Team and interactions occur on a daily basis. The ShEx risk registers
produced at the time took a different form, listing out the risks facing POL as a business rather than
focusing on the key risks to UKGI as a shareholder”. The ShEx team also reported viaa centralised process
to BEIS in relation to POL funding and budget only.”*
2.18. Similarly to today, there was a regular information flow from POL into the Shareholder Team:
both through information linked to regular meetings that took place (such as monthly financial packs and
quarterly shareholder meeting packs, which provided information with respect to commercial initiatives
at POL) and through consistent interaction between POL and the Shareholder Team directly. However,
with limited eyes on the POL Board, the Shareholder Team relied largely on information and assurances
that POL provided, without the same opportunity to challenge information as is afforded the Shareholder
Team today.
Shareholder Role: 2014-2018
2.19. In March 2014, a new Shareholder NED, Richard Callard, was appointed. He was, in line with
UKGI's current practice, also head of the Shareholder Team and also sat on the Sparrow SubCo (defined
below) (from March 2014), Pensions Sub-Committee (from October 2014) and the Audit & Risk
26 In contrast, ShEx would have put in place MoUs or equivalent where it provided services for other Government departments.
1” For example, the 2013 Articles stipulated BEIS consent was required in respect of: the alteration of Articles; voluntary winding
up/administration; issue or redemption of shares; payment of dividends and distributions; appointment, reappointment or
removal of directors; adoption of Strategic Plan; alteration to the nature of the business; disposal of material assets; entry into
significant transactions; approval or variation of director remuneration and terms of employment/engagement; or borrowing
over certain limits or from non-HMG sources. In 2020 new Articles were adopted which enhanced BEIS' consent rights, including
expanding the scope to apply to all companies in the POL group and including, for example, greater HMG control on any proposed
dividend distribution and on POL’s external borrowing.
18 While Susannah was a ShEx employee, Susannah was on maternity leave from ShEx at the time of appointment (and following
such leave, Susannah moved roles to the Department for Energy and Climate Change).
194 POL Board minute dated 23 May 2012 refers to Susannah's appointment being as a representative of ShEx, but that “..Board
papers would not be shared with colleagues in ShEx”.
20 The format of the risk registers were more simplified appearing in a simple tabular form per asset which were consolidated
for the ShEx Board.
21 We noted that this is the recollection of Will Gibson, Executive Director within the POL Shareholder Team 2012.
UKGI00048174
UKGI00048174
Committee (from January 2016). This provided the Shareholder Team with greater information flow and
visibility. From 2014 onwards the Shareholder Team started to receive full POL Board packs and were
more frequently sighted on POL Board-level decision-making.
2.20. As part of the department, the Shareholder Team reported through central risk and other
processes on a regular basis. For example, in December 2014, the Shareholder Team briefed the BEIS
Audit and Risk Committee alongside DG Finance” and POL’s use of its taxpayer subsidy was reported
through the Department’s Delivery Report Summaries. From September 2016, BEIS had updated and
combined its legacy reporting processes and applied a new standard method of reporting for all its ALBs.
From what we can see, POL was not required to complete a detailed assessment as part of this process
[presumably given its public corporation status and the limited financial impact it had on BEIS
accounts].[Drafting Note: Further work on the description of all Departmental facing risk reporting to
be undertaken]
2.21. During this period the Shareholder NED and Team were made aware of various independent
reviews commissioned by POL which seemingly corroborated POL’s characterisation of the allegations in
relation to Horizon (see below on Second Sight Interim and Final Reports, Deloitte report and the Parker
review). In the main, these reports were briefed to Ministers, including where UKGI had asked for
additional assurances from POL UKGI’s challenge to POL was also detailed in briefing to incoming
Ministers at various points”*”*,
Shareholder Role: 2018-present
2.22. In March 2018, Tom Cooper, the current Shareholder NED, was appointed to the POL Board and
also sits on the Remuneration and Audit & Risk Committees. From 2018-2020 he also sat on the POL
Board’s Group Litigation Sub-Committee, set up to manage the GLO and settlement. In addition, to the
more established features of the UKGI shareholder model, the period from 2018 onwards is characterised
by enhanced governance measures being put in place to allow UKGI a greater level of oversight and
monitoring over POL, largely (but not wholly) in response to the GLO and other issues facing POL. The key
developments from 2018 to the model now in place were as follows:
a. Codifying and Documenting Governance Arrangements: a number of steps have been taken
to document and clarify the roles of each of BEIS, POL and UKGI: (i) the BEIS-UKGI MoU was
updated in 2019 and sets out the principles of the relationship between UKGI and BEIS at a
high-level; (ii) the introduction of a Framework Document in March 2020, which sets out the
governance interactions, roles and responsibilities between BEIS, POL and UKGI; and (iii) new
Articles were adopted by POL in 2020, including enhanced shareholder consent rights for
BEIS;
b. Increasing Interactions with POL: a broader range of formal meetings being put in place with
POL, to ensure a regular dialogue between UKGI and BEIS (both formally and informally) and
to enable issues to be discussed and brought to the attention of UKGI*;
c. Separating the Policy Function: the BEIS Policy Team was established in August 2018 (i) to,
in line with the best practice model for other BEIS-owned ALBs, separate the policy and
shareholder functions and (ii) as a consequence of the increased volume and complexity of
policy-related interactions between POL and BEIS, including (but not only), due to the issues
22 See for example, the presentation to the BEIS ARC December 2014.
3 For example, briefings to Baroness Neville Rolfe in July 2015 and Margot James in August 2016.
2 The Shareholder Team also recollects discussing matters with the relevant BEIS Legal Team however, we have not been able
to ascertain whether written advice from BEIS lawyers was received.
25 Note that prior to 2018, the UKGI team and POL interacted regularly on day to day management and issues of concern alike.
However, following 2018, the model developed to increase the number of scheduled meetingsI and strive to ensure appropriate
agendas, meeting notes etc. were produced).
UKGI00048174
UKGI00048174
relating to Horizon: the BEIS Policy Team works closely with the Shareholder Team in holding
POL to account at official level;?°
d. Enhancing the Risk Framework: the Shareholder Team (i) engages with the standardised
quarterly UKGI portfolio review process and regularly asks for special ad hoc meetings on
which to receive constructive challenge from UKGI colleagues on specific issues; (ii) through
completion of the UKGI POL risk register, captures key risks faced by POL in the lens of their
potential impact to both the company as well as to UKGI/BEIS; and (iii) report key risks to
BEIS through completing the Online Reporting in BEIS (“ORB”) on a quarterly basis; and
e. Developing the Corporate Culture: UKGI, BEIS and POL have increased the dialogue around
changing POL's corporate culture and in particular, resetting the relationship between POL
and SPMRs (including, for example, through POL's initiative to appoint two SPMRs to the POL
Board and review of its engagement model to deal with SPMRs).
Horizon and risk reporting
2.23. As is the case for the shareholder role, risk reporting, both internal to ShEx/UKGI and to the
Department, has evolved over time:
a. Pre-2012: From what we have been able to gather, ShEx performed annual and interim
investment reviews for assets in its portfolio, with the processes around these strengthened
in 2011-12 for "Core Assets" (of which POL was one); a new approach to the "Portfolio Unit"
was for "detailed annual investment reviews with...better definition of the risks...for the
company" and quarterly updates.” These Investment Reviews also involved Shareholder
Teams preparing a "traffic light analysis" for the annual and quarterly reviews.?®
b. 2012-2014: The approach to risk reporting and management was set and administered
centrally by BIS with ShEx officials reporting through line management chains ultimately up
to the Permanent Secretary. While there were processes for reporting risk into BIS at a high-
level and flagging areas of concern on an ad hoc basis, there were no detailed "risk registers"
in the form we have today. At the time, the key "risks" highlighted to BIS from a ShEx
perspective were, in line with ShEx's objectives”, largely commercial in nature; for example,
relating to the separation of POL from Royal Mail, the negotiation of the POL funding
agreement and other funding issues facing POL. Similarly, while ShEx did carry out portfolio
reviews, they were not as rigorous as those that exist today and often focused on the
commercial/financial performance of the asset.?°
c. 2014-2016: Regular and formalised risk reporting developed over this period. From May
2014, a standardised way of reporting risk across ShEx assets was established and risk
registers (made up of three elements: overall ratings, heatmap and individual risks) were
completed and updated monthly. These, however, were often variably completed by
Shareholder Teams and often captured asset risks rather than risks to UKGI. Portfolio
26 Broadly, the policy function is responsible for identifying the desired policy outcomes which POL is required to deliver; this is
consistent with the wider Government policy framework, delivers more Government control aver the policy agenda and better
enables Government to respond to parliamentary scrutiny and reporting requirements. The shareholder function, on the other
hand, focuses on how POL is being managed, its capability and its organisational performance to deliver BEIS’s policy
objectives.
?7 Paper presented to S May 2011 ShEx Board, entitled "Portfolio Unit Development".
28 Update to 7 March 2012 ShEx Board, entitled "Portfolio Unit Development: Investment Reviews".
29 ShEx's objectives, as set out in its 2004-05 to 2006-07 Corporate Plan, were: (i) to ensure each business delivers sustained
positive returns, and returns its cost of capital within the policy parameters set by Government; (ii) to increase by £1 billion the
value of a portfolio of six target businesses owned by Government, within a framework of clearly defined policy, customer and
regulatory objectives; (iii) to provide corporate finance expertise within Government; and (iv) to achieve a progressive return to
dividend paying.
30 See for example, Quarterly Portfolio Reviews of September 2012, September 2013 and the Annual Review of April 2016,
UKGI00048174
UKGI00048174
reviews, compared to their format today, were not as rigorous or involved, with content
largely determined by each Shareholder Team, but there were principles in place that
generated the traffic lights analysis of risk that is the basis of UKGI's current model.
Horizon risk reporting: From the point at which the first of these new form risk registers was
completed for POL in June 2014, to the present, the register consistently includes a risk
relating to Horizon. It is important to note that the Horizon risk relative to other risks
affecting POL has fluctuated significantly over this period. Set out below are some examples
of the key risks being flagged for POL during this period alongside Horizon:
e — inJune 2014 the key risks highlighted for POL related to the renegotiation of the Mails
contract with Royal Mail (which had implications for the long-term sustainability of
POL), risks relating to key revenue streams for POL (such as support from
Government Digital Services (to support POL playing a role in providing Government
with digital services and retaining the Post Office Card Accounts contract with DWP)
and work relating to Government's commitment in 2010 to mutualise POL. Of the 15
risks identified, issues with Horizon were number 13 and the risk was characterised
as a "reputational and brand risk due to perception that POL has not supported
postmasters, with accusation from JFSA that the process was flawed and not
sufficiently transparent"; the risk register notes that the July 2013 interim report
"found no systemic issues with [Horizon]";
« while risk registers noted developments, for example in January 2015 that "JFSA are
increasing the profile of this issue...Ministers broadly agree to maintain that the issues
should remain independent of Government", it was not until March 2015 (when there
was "increased attach from JFSA and MPs since POL announced closure of the
Working Group") that the risk relating to Horizon issues started to be characterised
as higher (in the top ten risks) and at that time there were significant other key risks
including the Mails contract, issues around POL's pension scheme and delivery of the
Network Transformation programme that were also being monitored by the ShEx
team. From June 2015, the risk registers included Horizon as a top five risk and started
to go beyond simply brand/reputational risk and address the risk of Government
being "drawn closer into the scheme", the potential for "costs to spiral out of control,
particularly if legal action is taken"; and
e from July 2015 — May 2016, the risk register changed very little in relation to Horizon:
it was rated high risk and characterised as an "increasingly orchestrated campaign
against POL...we are keeping close to POL and managing Ministers’ involvement, with
the intention of keeping the issue independent of Government", with the key actions
being to "Ensure POL are proactively managing interest and noise...Manage interest
and wobbles from Ministers or the centre, including preparing fall back options if
current arms-length position becomes untenable."
2016-2018: Post 2016, when ShEx transferred to UKGI, the approach to departmental risk
reporting changed (as UKGI was then reporting into BIS, as opposed to risk reporting within
ShEx) and the previous risk processes in place were strengthened further; namely (a) tailoring
the BIS risk rating guidance to UKGI (b) establishing training for risk register owners and
reviewers and (c) introducing periodic audits of the risk registers to review adherence to the
guidance.**
31 April 2016 Paper to the UKGI Audit and Risk Committee, entitled "Summary of Risk reporting process for UKGI"
10
UKGI00048174
UKGI00048174
Horizon risk reporting: Following proceedings being lodged in May 2016 until April 2018, the
rating for Horizon remained static, noting the risk that there was "potential for significant
compensation claims if civil or criminal courts rule against POL. More likely however, and
certainly in the short term, is that this continues to be a significant distraction (and cost) to
the business as they defend their actions" but that "this is a legal matter distinct from
Government".
Horizon IT System
2.24. Horizon is the Post Office accounting system, which processes and stores data relating to each
transaction made in all POL branches. The term Horizon is used to refer to the software, hardware, central
data centres and testing and training systems connected to this system.
2.25. Horizon was provided to POL under a contract with Fujitsu Services Limited (“Fujitsu”), formerly
ICL, awarded in 1996. The initial Horizon system was rolled out to branches between 1999 and 2002, with
branches migrating to an updated system known as Horizon Online (or HNG-X) over the course of 2010.
The key distinction between these systems was that the original system processed and stored data ona
designated master terminal in each branch, which was then transmitted to a central POL data centre in
batches, whereas Horizon Online required a constant secure connection to communicate directly with
the data centre on a transaction-by-transaction basis.
2.26. SPMRs were trained to use the Horizon system through a combination of classroom training, on-
site training and balancing support (i.e. assistance with balancing at the end of a trading day). This training
was voluntary (and certain SPMRs may have chosen not to receive such training) and SPMRs were
responsible for training their own staff and requesting further training if needed. As well as initial training,
POL also provided an ongoing support network through telephone helplines and branch visits by advisors.
Prosecutions Policy
2.27. Prosecutions were a feature of company operations of the RMG as POL’s parent company, and of
POL itself. RMG appears to have conducted such prosecutions privately, relying on conformity with the
Prosecutors Convention®, rather than proceeding through the Crown Prosecution Service.
2.28. As far as we can determine, the majority of prosecutions of SPMRs where Horizon issues were
the alleged cause of any discrepancy, occurred between [2000 — 2013] when POL was a subsidiary of the
RMG. We note the following:
2
Prior to 2004, UKGI/ShEx had no visibility of any activities of either RMG or POL;
b. Between 2004 - 2012, based on our understanding of the ShEx shareholder role at the time,
ShEx would have been receiving both RMG and POL performance and financial information,
but did not have any visibility of matters discussed at the RMG board, extending to
information on the conduct of prosecutions; [Drafting Note: further analysis of historical
ShEx files should assist in confirming this view]
[om Between 2012 - 2014, whilst a shareholder NED was appointed to the POL Board, UKGI/ShEx
team members did not have access to POL Board papers and we understand that POL was
reluctant to share this information with the shareholder. We will be undertaking further
work to understand the extent to which the POL Board and the UKGI/ShEx NED were had
visibility on prosecutions during this period. We understand that a Memorandum of
Understanding was put in place between the ShEx Shareholder Team and the NED to
facilitate high-level information sharing, but we have not yet located this document.
22 Last updated in 2012, BEIS and DWP as the historic sponsoring departments for RMG are both signatories.
11
UKGI00048174
UKGI00048174
2.29. Whilst monitoring the operational impact of prosecutions policy was the responsibility of the POL
management team, we can see that a Prosecutions Policy was presented to the newly formed POL Board
[twice], once in 2012 prior to the appointment of the shareholder NED in April and again in February
2014.*? The POL board also received a regular ‘Significant Litigation’ update as part of each board pack
for the period 2012-2015 (including in the 2012 period which predated the appointment of Susannah
Storey as the first Shareholder NED) which contained, amongst details of contractual disputes, an outline
of the top ten individual prosecutions that POL was involved with, and their status. Prior to POL’s
separation, prosecutions had been conducted by the RMG, however, this function transferred to POL [in
April 2012]. [Drafting Note: We intend to explore this point more fully once we have completed the
review of the historic ShEx, RMG and POL records from the BEIS archive].
Dispute with Postmasters
2.30. The complaints and allegations made publicly and to POL about the Horizon system and
associated issues commenced in earnest in 2009 with the establishment of the Justice for SPMRs Alliance
(“SFSA”). The core of those complaints has always been that various SPMRs have been the subject of
criminal prosecution, civil recovery and/or contract termination in respect of accounting discrepancies
for which the SPMRs say they were not responsible. Instead, the SPMRs claim that Horizon is responsible.
2.31. During the course of 2010-12 pressure built on POL and Government to take action in relation to
purported errors with Horizon. This included:
a. An increasing volume of correspondence between the JFSA, Ministers** and Members of
Parliament about their concerns, garnering support from MPs acting on behalf of affected
constituents (c. 20 MPs had constituency cases by mid-2012);
b. Press coverage from the BBC’s ‘Inside Out’ programme and articles in Private Eye;
[om In July/August 2011, Shoosmiths, acting on behalf of 5 claimants issued Letters before Action
supported by the JFSA increasing the pressure on Government to commission an
independent review into the reliability and integrity of the Horizon system;
d. From late 2011 to May 2012 James Arbuthnot MP pursued the allegations made by the JFSA
and individual SPMRs with the Post Office Minister and with POL on behalf of several MPs
with affected constituents; and
e Separately, Shoosmiths sent written evidence to the Parliamentary Select Committee for
Business & Skills (“BISCOMM”) on behalf of more than 100 SPMRs.
This pressure culminated in a meeting with POL’s Chair, CEO and James Arbuthnot MP in May 2012 (also
attended by Oliver Letwin MP, then a Minister within Cabinet Office) where James Arbuthnot MP agreed
to be a focal point for all MPs, and facilitate another meeting with other MPs who also had cases in their
constituencies. At this same meeting, POL agreed to use a forensic accountant to “investigate the system
and give further comfort to those concerned about these cases”.*° Second Sight Support Services Limited
(“Second Sight”) were appointed by POL to conduct the investigation. Second Sight were a relatively small
accountancy firm and it is not clear why POL chose them to undertake such a large and prominent piece
of work or whether they had sufficient expertise in this area.
33 We note that POL’s prosecution policy was also discussed at the POL ARC in November 2013 and January 2014. From February
2014, the POL board agreed to implement a revised prosecutions policy more focused on ‘pursuing the most egregious
misconduct’ which were described as higher value cases/cases involving vulnerable members of society/cases involving
particularly wilful wrongdoing, and engaging with the police in relation to other matters — Board Covering Paper ‘Review of
Prosecutions Policy’ of 26 Feb 2014.
3 The Shareholder Team produced advice, draft replies and briefing packs in support of each piece of correspondence from the
JESA to each successive Post Office Minister. The team also supported several debates in Parliament where the Minister provided
positive statements that there were no systemic issues with the operation of Horizon. These briefs relied on assurances and
information provided by POL.
2° POL Board minutes of 23 May 2012 (paragraph POLB12/69 (b).
12
UKGI00048174
UKGI00048174
2.32. The remit of their investigation was to “consider and to advise on whether there are any systemic
issues and/or concerns with the ‘Horizon’ system, including training and support processes, giving
evidence and reasons for the conclusions reached”. Second Sight’s investigation process had several
strands allowing affected SPMRs to be referred to the process via MPs, the JFSA or direct to Second Sight.
In total, 47 cases were referred into this process.°°
2.33. Whilst ShEx/UKGI and the Department were aware of Second Sight’s appointment, the ongoing
correspondence with the JFSA and MPs, and Second Sight’s scope of work in general terms”, it is not clear
what specific reporting may have been requested by, or provided to, ShEx/UKGI/BEIS during this time
period specifically focused on Horizon.
Pre-Mediation & Second Sight’s Report
2.34. Second Sight conducted their research between June 2012 and mid-2013 and provided an interim
report in early July 2013 which was published by POL. The POL Board appears to have been briefed on
the contents of the interim report as part of a board conference call arranged at short notice on 1 July
2013. It is not clear from the documentation we have reviewed to date, however, whether the full version
of the interim report was shared with Board members in advance of its discussion on this call or whether
the POL Board saw it afterwards.*® The Shareholder Team had sight of the interim report and used its
contents to support BIS Ministers in a Parliamentary debate on 9 July where the Minister made the
following statement which was the core finding of the investigation: “[Second Sight] have so far found no
evidence of system wide (systemic) problems with the Horizon software”. However, it is not clear whether
any detailed briefing was provided to Ministers specifically dealing with Second Sight’s report prior to the
statement made on 9 July 2013.
2.35. Second Sight’s report was welcomed by POL, who in response to other criticism made in the
report concerning business process, culture and training, established an independent working group (the
“Working Group”) to complete the review of cases raised with Second Sight, agreed to appoint an
independent chair to review how best to adjudicate disputed cases in the future and to establish a new
branch user forum to “...create a channel for SPMRs and others to raise concerns at the highest level...”.
The membership of the Working Group comprised POL, the JFSA and Second Sight. Sir Anthony Hooper
(a retired Court of Appeal judge) was appointed the Chairman of the Working Group on 29 October 2013.
It was also supported by James Arbuthnot MP. *°
The Mediation Scheme
2.36. On 23 August 2013, POL announced the creation of an independent complaint review and
mediation scheme for SPMRs, overseen by the Working Group (the “Scheme”) to implement the
commitment made in July 2013 to take forward and review concerns regarding the Horizon system. The
Working Group sought applications from SPMRs who had a complaint about the Horizon system or an
associated issue. Applicants would have their cases investigated by Second Sight and, subject to the
36 The deadline for the submission of cases and issues for the consideration of Second Sight was 28 February 2013. Some 29 cases.
were submitted through James Arbuthnot MP and 18 cases through the JFSA. Second Sight issued an Interim Report on 8 July
2013.
3” See Briefing to Norman Lamb of 27 June 2012 which refers to a full-scale review of Horizon being premature pending the
outcome of Second Sight’s review.
38 POL Board Minutes of 1 July 2013 item POLB13/52.
2° The Shareholder Team recollects that considering the volume of activity POL had commenced in response to Second Sight’s
report, there was a sense that the aside from the integrity of the IT system, the wider issues raised had been (or were being)
addressed.
13
UKGI00048174
UKGI00048174
approval of the Working Group, be referred onwards to the Centre for Effective Dispute Resolution
(“CEDR”), with a view to mediation of the dispute between the SPMR and POL.*°
2.37. ShEx were aware of the details of the Scheme and supported BEIS Ministers in answering
Parliamentary Questions on its intended operations, however, the Scheme itself was, and was seen as an
independently chaired process, to implement the commitments made by its CEO and confirmed by the
Minister in Parliament. By implication, the independence of the Scheme was key to it gaining support
from the JFSA and James Arbuthnot MP and was also keenly felt by its chair, Sir Anthony Hooper. #247
Whilst the Shareholder Team monitored the progress being made by the Scheme, this was informal in
light of the Scheme’s purported independence. For example, we are aware that the Shareholder Team
did see CEDR‘s review of the Scheme dated 31 July 2015 which provided some assurance on the quality
of process and progress being made. The report noted certain challenges (such as POL taking a legalistic
approach to mediation and recommending that POL do more to set expectations for the postmasters). It
also set out a number of observations, including that some SPMRs had failed to identify relevant issues in
advance, were in some cases represented by non-legal advisors and that postmasters had unrealistic
expectations. In addition, the CEDR noted that “the Post Office has been consistently responsive to CEDR’s
requests....it is clear from the reports that the Post Office has a willingness to explore the options, express
empathy and have constructive dialogue with the subpostmasters”. The report also noted that the
Scheme did not flag any issues that indicated any systemic problem with the Horizon System or any
miscarriages of justice with respect to postmasters.
2.38. By late 2013, the Scheme had received 150 applications, of which 136 entered the full Scheme
(ten were resolved before entry and four were ineligible) which was more than twice those forecast by
POL.” 37 applications were from SPMRs who had been convicted of a criminal offence. It was at this point
that the POL Board requested a standing item on Scheme cases be added to the Board’s agenda.”
2.39. Early in 2014, real concern began to grow within POL in relation to the slow progress being made
with the Scheme investigations,** the quality of the work of Second Sight, the positioning of Second Sight
in supporting the Scheme and the growth in scope of the work of Second Sight.*” POL’s concern, which
was echoed by ShEx*®, was that Second Sight was too small and inexperienced to perform their task and
that there was real concern that Second Sight had “Jost their independence and have become emotionally
involved in the cases of individual subpostmasters.” ShEx was aware of the delays in the Scheme and the
growing frustrations of POL and set out POL’s concerns in briefing notes to Ministers.*®
2.40. Concurrently, the JFSA also began to lose faith in the Scheme in early 2014. In April 2014, Alan
Bates wrote to Jo Swinson MP setting out a list of concerns related to the progress of the Scheme noting
the failure of POL to properly co-operate with Second Sight to enable them to complete their reviews. He
went on to note that too many stakeholders outside of POL thought that the only resolution of the
© An independent expert and not-for-profit mediation and conflict resolution provider.
“ Briefing materials and media summaries were shared with the Shareholder Team at the time and prior to launch. Additionally,
the Shareholder Team recollect informally receiving progress updates from POL on the Scheme's progress.
“2 Summary of public commitments made by the then Minister, Jo Swinson as part of the speech in Parliament to create the
mediation scheme “..it is important that further work is not only independent but seen to be independent...”.
8 Although not written in the same time period, the paper(s) produced for the Sparrow SubCo meeting of 30 April 2014
‘emphasise the independence and arm’s length nature of the Scheme.
* POL Board Minutes of 27 November 2013 (paragraph POLB 13/126).
45 As above, this would be included in the CEO's report (paragraph POLB13/126 (b)).
48 POL Board Minutes of 21 January 2014 (paragraph POLB14/7 (f)); and POL Board Minutes of 26 February 2014 (paragraph POLB
14/18).
47 Internal ShEx Briefing note “David vs. Goliath” dated January 2014.
*® Briefing note for Jenny Willott: "Second Sight appears unable to process and prepare cases quickly enough, or to a
sufficiently high standard.”
* Briefing Note for Ministerial meeting with Alan Bates of the JFSA dated April 2014.
5° The JFSA objected to POL’s approach to mediation. Public criticism of POL, including of its approach to the Scheme, on the part
of MPs (particularly James Arbuthnot MP) grew during 2014.
14
UKGI00048174
UKGI00048174
Horizon issue would be via courts and in his view Second Sight were probably “the only company presently
able to offer an independent, professional and reasoned insight into what has been going wrong at POL
and Horizon over the years”.*! In response, and on the advice of ShEx, Jenny Willott (the minister providing
maternity cover for the Post Office portfolio) responded to Alan Bates noting that while supportive of a
resolution “Government cannot be involved in operational matters concerning Post Office Ltd or the
Working Group.”
2.41. In April 2014 (following the POL Board approval of its creation at the 26 March 2014 meeting),
the POL Board established a new board sub-committee to monitor the Scheme and consider whether any
alternative arrangements might be necessary to secure closure of the issues. This was code named
‘Project Sparrow’. Importantly, following the change in the Shareholder NED from Susannah Storey to
Richard Callard®?, UKGI had detailed visibility on the papers and issues being discussed at this sub-
committee via Richard Callard’s membership — a position that he voluntarily requested to gain further
insight and visibility. From a review of the POL Board minutes at the time, other than via a high-level
summary via the CEO’s report to the POL Board, and occasional inclusion of minutes of discussions, the
details of the Board Sparrow Sub-Committee (“Sparrow SubCo”) discussions do not appear to have been
fully communicated to the POL Board. Nor is it clear whether the legal advice presented to the Sparrow
SubCo was presented to the POL Board.**
Deloitte Report
2.42. At the POL Board meeting on 26 March 2014 the POL Board also commissioned Deloitte to
undertake a desktop assurance review relation to Horizon. The inference that we have drawn from the
documentation we have seen to date is that POL appears at this point to have lost confidence in the
Scheme and, in particular, Second Sight’s ability to provide independent investigation of issues related to
Horizon. The purpose of this work was to provide the POL Board with “the truth about the reliability of
the system” to counter ‘scepticism’ elsewhere.®° The scope of the Deloitte work commissioned consisted
of:
i. a desktop exercise to assess the control framework within which Horizon operates;
ii. an assessment of the integrity of the Horizon processing environment at implementation (i.e. to
determine whether Horizon was set up correctly); and
iii. a response to the most significant thematic issues raised by Second Sight.565”
2.43. Adraft executive summary of Deloitte’s work against part (i) above, was presented at the 30 April
Board meeting by POL’s CIO and General Counsel alongside a partner at Deloitte. At this point, Deloitte
had focused on providing ‘...assurance that the control framework, including the security and processes
for change, were robust from an IT perspective...’. °° In Deloitte’s opinion, as expressed to the POL board,
‘..all work to date showed that the system had strong areas of control and that its testing and
implementation were in line with best practice...’. °° We note that the findings of this advice provided the
POL Board and Shareholder Team with a degree of comfort and assurance on Horizon’s robustness at the
time. In light of that assurance, the POL Board queried whether a similar exercise could be undertaken
for the pre-2010 Horizon system and Deloitte was tasked to produce a proposal for conducting such work.
51 Letter from Alan Bates to Jo Swinson MP dated 16 April 2014.
52 Letter from Jenny Willott (maternity cover for Jo Swinson) to Alan Bates dated April 2014.
53 Susannah Storey's last board meeting was 26 March 2014; Richard Callard attended POL board meetings as an observer from
Feb 2014 but wasn’t formally appointed until 26 March 2014,
5 Sparrow SubCo papers contain summaries of legal advice it is unclear whether these were produced within POL or by external
Counsel (Jan 2015 Sparrow SubCo meeting).
5 POL Board minutes of 30 April 2014 (paragraph POLB 14/55 (a) — (g))
5 POL Sparrow SubCo minutes of 9 April 2014 (paragraph PS 14/4 (a) - (f)).
57 Project Brisbane High Level Summary Note - page 8, paragraph 6-6.9.
58 As above.
°° As above.
15
UKGI00048174
UKGI00048174
N
B
>
es he Shareholder MMM also does not recall
receiving the final report. We also note that the final report does not appear to have been discussed at
the Sparrow SubCo meeting on 6 June or at the full POL Board meeting on 10 June 2014."
2.45. UKGI Legal is conducting further work to understand whether the POL Board saw Deloitte’s final
report. This is particularly important given that the report flagged that some form of remote functionality
by Fujitsu was theoretically possible as follows:
a. that database access privileges which “would enable a person to delete a digitally signed
basket” do exist, but are “restricted to authorised administrators at Fujitsu”;
b. those privileges “would enable a person to create or amend a basket and re-sign it with a
‘fake’ key, detectable if appropriately checked”; and
c that administrators had the ability to “delete data from the Audit Store during the seven year
period, which was a matter...contrary to POL’s understanding...This could allow suitably
authorised staff in Fujitsu to delete a sealed set of baskets and replace them with properly
sealed baskets, although they would have to fake the digital signatures”
2.46. As highlighted in the Tim Parker review (see paragraphs [2.65-2.72] below), given that POL
continued to make outward assurances that that the functionality of Horizon did not permit remote
access, the findings of the Deloitte report do appear significant and ascertaining whether (i) the POL Board
saw this finding in the final report and did not appreciate its significance® or (ii) the POL executive did not
share the final report with the POL Board, is key.
2.47. By early June 2014, POL was having internal discussions through the Board’s Project Sparrow
SubCo about the possibility of closing down the Working Group and resolving the cases in another way,
including potentially moving the process in-house. POL was also considering the replacement of Second
Sight. UKGI was aware of a degree of frustration within POL as to the delays with the Scheme and potential
issues with the quality of the work being undertaken by Second Sight. These concerns were raised with
Ministers in the context of ongoing meetings with the JFSA and in response to further concerns raised in
the media and by MPs.**%
2.48. It is clear from briefing packs produced for ongoing Parliamentary scrutiny of POL policy that
much of the material was produced by POL and incorporated by UKGI into Ministerial briefing packs and
speeches. ® It is, however, unclear, what degree of challenge was given by UKGI to the contents of that
project Brisbane Report High Level Summary Note — page 9,paragraph 6.3; Parker Review — page 48, paragraph 138
®1 A review of the Board minutes from both meetings do not evidence that the final Deloitte report was discussed.
© Parker Review — page 49, paragraph 140.
© Jt is possible that given the overall assurance provided to the POL Board at the time by Deloitte the fact that some form of
remote functionality by Fujitsu was theoretically possible did not raise any red flags about the overall robustness of the Horizon
system or its correlation to alleged shortfalls.
4 Email correspondence between ShEx team and Ministerial private office dated 30 September 2014.
‘® Email correspondence between ShEx team and Ministerial private office dated 8 December 2014.
© BIS topical briefing pack contains details of financial and other reconciliations of Horizon software and other back-office
processes which is a replica of POL’s written supplementary evidence to the BIS Select Committee of February 2015.
16
UKGI00048174
UKGI00048174
material and the definitive nature of some of the statements the Minister was asked to make on the
record.”
Closure of the Mediation Scheme & Second Sight’s Final Report
2.49. By February 2015, the JFSA were refusing to engage in the Working Group process and had lined
up a law firm with a publicly declared intent of preparing potential litigation. There were also growing
concerns with the scope of Second Sight’s scope of engagement and their focus on broader issues relating
to POL’s relationship with SPMRs and not strictly on Horizon IT issues. POL was facing increased criticism
from MPs following a BIS Select Committee hearing on 3 February 2015.
2.50. In a report to the Sparrow SubCo in mid-February 2015, the POL General Counsel recommended
a change in strategy and that POL move to a presumption of mediation in all non-criminal cases in order
to accelerate the delivery of the Scheme. [This approach was endorsed by the POL Board.] On 10 March
2015, POL announced it would mediate all Scheme cases, save for those which had been the subject of a
court ruling (whether or not to mediate those cases was to be considered case-by-case). This decision
effectively removed the core purpose of the Working Group and POL announced its closure on the same
day. POL also sent a letter to Second Sight terminating its engagement on 10 March 2015.°
2.51. BEIS ministers received a volume of correspondence and Parliamentary activity in the wake of the
Working Group closure announcement (and on an ongoing basis into late 2015) which was responded to
by the Shareholder Team in the normal course of business.”° In preparing responses for Ministers it is
clear that the ShEx team were:
a. aware of stakeholder views that the closure of the Working Group was instigated by POL to shut
down discussion;
b. aware that mediation itself was continuing, supported by Second Sight; and
c. aware that the Scheme had suffered delay and was also struggling with expectation management
of claimants,”
2.52. Following the closure of the Working Group, POL also instructed Second Sight on 10 March 2015
to issue a completed version of their Part Two Report.’? However, this instruction specifically reduced
Second Sight’s scope to “...those topics on which it has sufficient knowledge, experience and expertise....
matters such as the standard Subpostmasters contract and prosecution issues are outside of Second
Sight’s expertise...”.”? The final Part Two report from Second Sight was issued to applicants of the
mediation scheme on 9 April 2015 (the “Final SS Report”) — it was not, however, formally published. Also,
in April 2015, POL produced a reply to the Final SS Report.”*
5 Note that the Shareholder Team recall asking regular questions of POL and challenging information provided. As a matter of
course, information would not have been put to Ministers until the team were content with its assertions. However, as a
consequence of much of this questioning / challenge having been performed over the phone or in face to face meetings, formal
records of Shareholder Team interactions and POL responses are limited.
& Here again, the recollection of the Shareholder Team is that these wider issues were being addressed by POL.
® Project Brisbane (23 July 2020), paragraph 5.38.
70 The Working Group was the mechanism whereby the progress of cases to mediation was determined. By closing the Working
Group, the POL board made the active choice to allow all cases to proceed to mediation regardless of merit which had the added
benefit of speeding up the process.
71 Submission from ShEx to Jo Swinson dated 4 March 2015; Submission from ShEx to SoS and Jo Swinson dated 11 March 2015;
and Submission from ShEx to the Secretary of State dated 18 March 2015.
72 Presentation from POL to Baroness Neville-Rolfe dated August 2015.
73 As above - reference to Second Sight engagement letter of 10 March 2015.
74 We note from Project Brisbane (23 July 2020), paragraph 5.2, that Second Sight circulated a number of draft versions of the
Part Two Report to POL before its final report was published, from around March 2014 and POL circulated a number of responses
to these earlier drafts.
17
UKGI00048174
UKGI00048174
2.53. In the Final SS Report, Second Sight highlighted that their work was limited by POL’s refusal, with
which they did not agree, to provide three categories of information. The categories of information were:
(a) the complete legal files; (b) the complete email records of POL employees working at Fujitsu’s
Bracknell office for 2008; and (c) detailed transactional records relating to POL’s suspense account
(paragraphs 2.1-2.19). Second Sight concluded that POL “did have, and may still have, the ability to directly
alter branch records without the knowledge of the relevant” SPMR (paragraph 2.12).
2.54. The Final SS Report dealt with 19 common issues, which were referred to as ‘thematic issues’.
Most notably Second Sight found that that the contract between POL and SPMRs was not always provided
to SPMRs and the contractual terms, placing responsibility for losses on SPMRs, was “unfair” (paragraphs
3.6-3.8, 6.1-6.16). They also reported that Horizon was insufficiently error repellent, in that “the majority
of branch losses were caused by ‘errors made at the counter’”, which could have been avoided if the
systems had been improved. Second Sight took the view that POL had little incentive to do so (paragraphs
3.11-3.14). In addition, Second Sight also raised in their review of the thematic issues, several findings
that indicated that Horizon had potential to result in branch account losses.
2.55. POL issued a public statement in April 2015 in which it was critical of the Final SS Report,
particularly noting that it was too broad in its application, did not provide any concrete evidence that
specific issues had caused shortfalls and comments on issues outside of their remit and expertise. The
UKGI Shareholder Team, in reviewing the Final SS Report and as a result of their dialogue with POL on the
findings, did not consider that the Final SS Report pointed to systemic issues in relation to Horizon. Our
review of available documents to date indicates that the full Final SS Report was not presented or debated
to either the Sparrow SubCo or the POL Board and that the responsibility for preparing POL’s response to
Second Sight’s findings was delegated to the executive”®
our
review of historic documentation to date suggests that POL’s detailed response to the Final SS Report and
its handling were not debated by the full POL Board and Sparrow SubCo. 7”
2.56. During the period June—July 2015, the Shareholder Team undertook considerable activity briefing
new ministers, and supporting ongoing Parliamentary scrutiny of Horizon-issues. This included
specifically:
2
Advising as to whether ministers should meet Second Sight;
b. Facilitating meetings between ministers (including the Secretary of State and Special
Advisers) and POL; and
fom Providing briefing in support of Parliamentary debates and following up MP meeting
requests.
BBC Panorama Programme
2.57. On 17 August 2015 the BBC broadcast a Panorama programme ‘Trouble at the Post Office’ (the
“Panorama Programme”). It featured a number of SPMRs (who have been the subject of criminal
75 The POL board met on 25 March and then again on 21 May 2015 at which time the CEO provided an update on both Second
Sight’s Part Two report and POL’s own response. POL issued a document titled ‘Reply of Post Office Limited to Second Sight's
7” Itis worth noting here that a General Election took place in May 2015, after which, the department took a period of time to
confirm ministerial portfolios.
18
UKGI00048174
UKGI00048174
convictions, including some who had pleaded guilty to criminal charges), the former MP James Arbuthnot,
a former expert witness Professor Charles McLachlan and a former Fujitsu employee named Richard Roll
(the “Fujitsu Whistleblower”). 7°
2.58. The Fujitsu Whistleblower’s participation was the only genuinely new information in the
broadcast’, but it was of potential significance.® The Fujitsu Whistleblower told Panorama that he and
his fellow Fujitsu employees saw a “lot of errors, a lot of glitches” on the Horizon system. He said that
financial records were sometimes changed remotely, without the SPMRs knowing, which POL had always
said could not happen and that they “went in the backdoor and made changes. Sometimes you would be
putting in several lines of code in at a time. If we hadn’t done that then the counters would have stopped
working”.
2.59. On 31 July 2015, prior to the broadcast of the Panorama programme, ShEx updated Ministers on
the likely content of the programme, including that it would include an interview with: “A former Fujitsu
(supplier of Horizon) employee, apparently a whistleblower saying that POL can remotely alter branch
accounts to cause discrepancies” and that “This is related to an account by Andrew Bridgen MP’s
constituent Mr Michael Rudkin, which Mr Bridgen raised in Parliament.” *! ShEx noted that there were no
new allegations being made in the Panorama programme and repeated to Ministers assurances received
from POL that POL planned to defend themselves robustly against them.
2.60. I ShEx corresponded further with POL on this matter in July-August 2015 in the run up to the
broadcast date, including in relation to their proposed communication approach to the Panorama
Programme. On 7 August 2015, POL provided ShEx with the statement provided by POL to Panorama,
which again included a robust denial of the ability of POL or Fujitsu to edit branch transactions without
an audit trail.®?
2.61. We have not seen any evidence from the POL Board papers that the allegations made in the
Panorama programme were discussed by the POL Board. Our impression is that the Fujitsu Whistleblower
was another allegation about remote access in what appeared to be a continuing stream of allegations
about remote access, in relation to which POL had received assurances from Fujitsu.*? POL’s statement to
Panorama in relation to the remote access allegations made by Mr Roll was that “Neither Post Office nor
Fujitsu can edit the transactions as recorded by branches. Post Office can correct errors in and/or update
a branch’s accounts by inputting a new transaction (not editing or removing any previous transactions).
However, this is shown transparently in the branch transaction records. There is no evidence that any
branch transaction data was inappropriately accessed from a remote access point.”
2.62. It appears that the focus of ShEx at that time was whether the Panorama Programme would be
critical of Government and the prevailing view appeared to be that the allegations at the heart of the
78 Note that Professor McLachlan had appeared as an expert witness in the defence of Seema Misra when she was convicted by
a jury of theft, having plead guilty to false accounting. Seema Misra is one of the original claimants supported by the JFSA. She
was prosecuted in October 2010.
79 Tim Parker review, paragraph 87.
80 The Shareholder Team were aware of the allegations of Horizon errors, but until this point, there had been no confirmation
by the Fujitsu that this was possible.
81 Submission from ShEx to Baroness Neville-Rolfe dated 31 July 2015. An earlier submission from ShEx to Baroness Neville-Rolfe
and George Freeman dated 24 June 2015 mentions that the Panorama Programme was to contain an interview with a former
Fujitsu employee but does not mention the fact that that they are a whistleblower (which the Shareholder Team recollect was
unknown to them at that point).
®2 Email chain between POL Communications and Corporate Affairs Director and ShEx dated 7 August 2015.
83 The Shareholder Team do recall raising queries with POL about the status of the Fujitsu whistleblower. Based on the known
facts at the time, and the fact that this was a Fujitsu whistleblower rather than a POL whistleblower (and therefore not under
the shareholder’s direct sphere of influence at the time) the team were satisfied with the detail of the response provided. [It
appears that the Shareholder did not, however, challenge why greater attention had not been drawn to the Fujitsu
whistleblower at the POL Board.]
19
UKGI00048174
UKGI00048174
Panorama Programme, including the emergence of the Fujitsu Whistleblower, were matters for POL and
that it would be inappropriate for Government to comment further.
2.63. Following the broadcast of the Panorama Programme on 17 August 2015, Baroness Neville-Rolfe
received an email from Andrew Bridgen MP, Kevan Jones MP and Oliver Letwin MP on 24 August 2015
requesting a meeting and noting that various statements in the Panorama Programme, including the
allegations of the Fujitsu Whistleblower, required urgent investigation.™ In a letter response to Oliver
Letwin dated 10 September 2015, Baroness Neville-Rolfe referred to briefing notes prepared by ShEx
officials that highlighted that these issues were “an operational matter for Post Office Limited” and that
a Government or judicial inquiry would be inappropriate where mediation or civil claims remain available
to SMPRs. In addition, the briefing note reiterated that “A Government investigation would be unlikely to
find the “smoking gun” campaigners are seeking or provide large compensation pay-outs, given the
amount of scrutiny this issue has received... unless there is evidence of wrongdoing on the part of Post
Office, there is no need for Government to intervene.”
2.64. Further, in response to concerns raised by MPs, Baroness Neville-Rolfe (with the assistance of
ShEx), wrote to Tim Parker on 10 September 2015 noting the increased MP interest in the Horizon IT
system since the Panorama Programme and the calls from MPs for an independent investigation. The
letter noted that “Government takes seriously the concerns raised by MPs regarding the Post Office
Horizon system and the suggestions that there may have been miscarriages of justice as a result of issues
with Horizon. I am therefore requesting that, on assuming your role as Chair, you give this matter your
earliest attention and, if you determine that any further action is necessary, you will take steps to ensure
that happens.”
The Chairman’s Review
2.65. As mentioned above, on 10 September 2015, following the Panorama Programme and the
assurances made by Baroness Neville-Rolfe to MPs, Baroness Neville-Rolfe wrote to Tim Parker requesting
that on assuming his role as Chairman he give the issues relating to the Horizon system his “earliest
attention” and take any further action should it be deemed necessary.*” ®° In response, Tim Parker
appointed Jonathan Swift QC (former Treasury Counsel) and Christopher Knight (both barristers at 11 King
Bench Walk, Temple). In January 2016, Tim Parker met with Baroness Neville-Rolfe to provide an update
‘on, among other things, the progress of his review.®”
2.66. Jonathan Swift QC and Christopher Knight produced a 67-page report dated 8 February 2016 (the
“Parker Review”)® which covered in some detail the nature of the relationship between POL and the
SPMRs, the Horizon system and the Horizon complaints. The report then went on to analyse four different
areas, namely: (i) criminal prosecutions; (ii) the Horizon system; (iii) training and support provided to
SPMRs; and (iv) the mediation scheme investigations of individual cases. In relation to all four areas the
review sought to address two principal questions, firstly, what had already been done in the 2010-2015
period and, secondly, what further work could be done to plug any remaining gap.
2.67. The Parker Review made a number of findings and eight recommendations, a more detailed
summary of which is highlighted in Annex 2. One of the most significant findings was that the Deloitte
8 Email chain from Andrew Bridgen MP, Kevan Jones MP and Oliver Letwin MP to Baroness Neville-Rolfe dated 24 August 2015
and email to ShEx.
85 At this point, Tim Parker was not formally the POL Chair. With the resignation of the previous Chair, the SID had assumed the
temporary role of the Chair. Mr Parker formally took up the POL Chair role in October 2015. Mr Parker was well known to
Ministers and had the support of the then Cabinet Office minister, Francis Maude. He was felt to bring a fresh pair of eyes and
not be beholden the board or management team’s previous decisions.
% Letter from Baroness Neville-Rolfe to Tim Parker dated 10 September 2015.
87 Briefing from ShEx to Baroness Neville-Rolfe, which refers to a meeting to be held on 26 January 2016, dated 22 January 2016.
*8 Tim Parker Review dated 8 February 2016.
20
UKGI00048174
UKGI00048174
Project Zebra report in May/June 2014 had highlighted that branch records could be theoretically
remotely altered without the need for acceptance by SPMRs, which was contrary to the public assurances
provided by Fujitsu and POL at the time about the functionality of the Horizon system. The Parker
Review’s eight recommendations included the suggestion that POL instruct suitably qualified specialists
to carry out analyses/reviews into Horizon and into the controls over and capability of Fujitsu employees
to remotely amend branch data. Some of these recommendations resulted in Deloitte being
commissioned to undertake further work into examining the issue of remote access as outlined further
in paragraphs [2.73-2.75] below. In addition, the Parker Review also made recommendations for a review
of POL’s approach to historical convictions including how POL had approached plea-bargaining as well as
whether further disclosure of the issues discussed in the Deloitte report were required. [Drafting Note:
Further work to be undertaken to understand how the other recommendations, including those relating
to criminal prosecutions]
2.68. A review of the POL Board papers from this time, indicates that the Parker Review, its
recommendations or the status of the implementation of those recommendations were not shared with
or discussed by the POL Board. We note that Tim Parker has said that he was advised by POL’s General
Counsel at the time (Jane MacLeod) that the report should not be shared for confidentiality and legal
privilege reasons. We note that this is an unusual response; legal privilege should not be used as a way of.
shrouding findings from as asset’s board, particularly where it makes recommendations for further
investigative work. It is not clear whether the POL Board would have adopted a different approach to Tim
Parker but on issues as material to POL as those being explored, collective decision-making on this point
would have been more appropriate. This view was reiterated in a letter from the BEIS Permanent
Secretary to Tim Parker on 6 October 2020 (set out in Annex 4).°°
2.69. Following the finalisation of the Parker Review, Tim Parker wrote a letter to Baroness Neville-
Rolfe on 4 March 2016 providing a broad overview of the outcome of his review (as opposed to the report
itself) and outlined the further actions that were being taken (full letter attached at Annex 3). The letter
provided a degree of comfort to the Minister/ShEx with respect to Horizon issues. Tim Parker noted that
although further work was being conducted on other specific issues, in relation to known bugs/issues:
“No evidence has emerged to suggest that a technical fault in Horizon resulted in a postmaster being held
responsible for a loss. In the context of this review exercise, I have concluded that there is no basis on
which to recommend further action in relation to these known, specific, errors.”
2.70. Tim Parker stressed in the letter that the update he was providing and the work that underpinned
it was subject to legal professional privilege and provided in confidence but noted that he is “of course,
aware that once the various additional strands of work [he is] pursuing are complete, we will need to find
an appropriate method of communicating the results of [his] review to a wider audience”. To date we
have not seen evidence that the findings of the report were shared with a wider audience including ShEx,
Ministers or the POL Board. The letter also noted that Tim Parker had commissioned various individuals
to complete the work recommended in the Parker Review. As far as we have been able to ascertain to
date, not all of the eight recommendations in the report were progressed as doing so was delayed and/or
deprioritised when the group litigation was commenced.”
®° Letter from Sarah Munby to Tim Parker dated 7 October 2020.
% Other material points made by Tim Parker in the letter included: (i) Recognition that bugs and glitches would be unremarkable
in a system with the age, size and complexity of Horizon; and (ii) Acknowledging that ‘no evidence has emerged to suggest that
a technical fault in Horizon resulted in a postmaster wrongly being held responsible for a loss’ and that further work was still
underway to ‘address suggestions that branch accounts might have been remotely altered without complaints’ knowledge’ and
to ‘test....by analysis of transaction logs...whether or not the matters complained of by each subpostmaster could show the
existence of some other, generic, bug within the system...
°1 [Reference to be inserted]
21
UKGI00048174
UKGI00048174
2.71. On 27 April 2016, Baroness Neville-Rolfe had a meeting with Tim Parker, to discuss his progress
with the outstanding actions recommended in the Parker Review.*? The briefing produced ahead of that
meeting suggested that Baroness Neville-Rolfe raised how she could communicate the findings of the
review with interested parties such as Andrew Bridgen MP and Lord Arbuthnot, noting the potential legal
difficulties with sharing the report more broadly. It appears, that no further action after this meeting was
taken to pursue follow-up actions because the JFSA issued court proceedings shortly thereafter.
2.72. The response of the POL Board and ShEx/UKGI to the issues raised by the Fujitsu Whistleblower
and Tim Parker Review also provide an insight into the lens with which the JFSA complaints were viewed
at the time. The impression gleaned is that the POL Board and the Shareholder Team were very close to
the Horizon issues and had received multiple assurances that the type of remote access alleged was either
not possible, not a problem, or unrelated to the JFSA claims. In addition, the continual swathe of media
coverage, parliamentarian questions and lobbying activities of the JFSA, may well have made it very
challenging for the POL Board and Shareholder Team to view certain key events objectively and to
challenge the POL executive with this lens in mind.
Project Bramble
2.73. Although there were a number of follow-up actions emanating for the Parker Review, there were
two recommendations relating to remote access specifically that were taken forward by Deloitte as part
of ‘Project Bramble’ (see Annex 2 for further detail).°? Unlike Project Zebra, Deloitte’s work was not
confined to a desktop review, with Deloitte reporting into Jane MacLeod, the POL General Counsel.
2.74. [Overall, we understand that the Project Bramble draft report presented to the POL executive in
January 2018 found in relation to Horizon that the systems and control were “robust”. However, in
relation to the issue of remote access, Deloitte identified two means by which Fujitsu employees could
alter branch accounts on Horizon Online (the first of which was already known to POL)]:
a. certain Fujitsu users are able to inject additional transactions into a branch’s accounts
through normal system functionality without a subpostmaster’s knowledge or consent via
Balancing Transactions. These entries would be visible to subpostmasters through their
branch reporting tool; and
b. remote access was possible through certain Fujitsu employees who were granted
“privileged” user status outside of Horizon’s specific functionality and who had the ability to
add, amend or delete transactions entered into Horizon by branch staff. Deloitte highlighted,
that to the best of their knowledge, such transactions would appear as if a normal
transaction generated in branch by the postmaster. Deloitte observed that safeguards
existed to prevent this including the segregation of access permissions and a time
restriction.”
°? Briefing note from ShEx to Baroness Neville-Rolfe dated 26 April 2016.
°3 The Parker Review had made two recommendations concerning further investigations into remote access, namely to review:
(i) the use of Balancing Transactions throughout the lifetime of the Horizon system, insofar as possible, to independently confirm
from Horizon system records the number and circumstances of their use; and (ii) review the controls over the use and capability
of authorised Fujitsu personnel to create, amend or delete baskets within a sealed Audit Store throughout the lifetime of the
Horizon system, insofar as possible.
% Project Brisbane (31 March 2020), paragraphs 11.1~ 11.165.
22
UKGI00048174
UKGI00048174
2.75.
The Group Litigation Order (“GLO”)
2.76. Legal proceedings were commenced against POL in April 2016 and a GLO” was made on 21 March
2017. Ultimately approximately 550 Claimants joined the proceedings, mostly SPMRs along with a small
number of Crown Office employees and managers/assistants. Approximately 30 claimants had been
convicted of criminal offences.
2.77. Given legal proceedings had been announced, the Government's public line in respect of the
litigation at this time was: “This is an operational matter for Post Office Ltd. As legal proceedings have
been announced, we are unable to comment further.”*” The Shareholder Team provided briefings to the
Minister in respect of key developments, these were based on the agreed approach that the litigation
was for POL to manage, and that Government would maintain an appropriate distance. Where there was
limited information to report, briefings were provided less frequently (for example, in 2017 there were
very limited updates to be provided between the GLO being made and the Case Management Conference
described below). Between September 2016 and March 2018, the UKGI Risk Registers referring to the
Project Sparrow civil litigation include a number of reoccurring principles highlighting this approach,
namely:
a. “POL have external legal advisors employed on the civil litigation including a QC”
b. “[POL] continue to update UKGI through the Board and directly on key stages”
c. “this [litigation] is a legal matter and distinct from Government”
2.78. In October 2017, a Case Management Conference was held with the managing judge, Mr Justice
Fraser, and he set a timetable for dealing with the litigation, fixing two trials:
a. the Common Issues trial in November 2018 to determine the nature of the contractual
relationship between SPMRs and POL and the obligations owed by each party pursuant to it;
and
b. the Horizon Issues trial in March 2019 to address the reliability of Horizon.
2.79. Throughout the period between 2016 and early 2019, regular updates on the GLO were provided
to and discussed by the POL Board and Group Litigation Sub-Committee® on the progress of the litigation,
but these were generally characterised as factual updates on position as opposed to active discussions of
strategy or next steps. Typically, updates were provided verbally by the General Counsel (to preserve legal
95
9° The GLO was a Group Litigation Order applying to all claims made against POL by Claimants: (a) who claim to have suffered
losses as a result of Post Office Limited having: (i) inappropriately attributed to them and/or inappropriately recovered alleged
shortfalls in branch accounts from them; (ii) suspended them, terminated or induced their resignation from their appointments
or engagements, for a reason related to inappropriately alleged shortfalls in their branch accounts; (iii) pursued civil or
bankruptcy proceedings, criminal prosecutions and/or restraint applications against them for a reason related to inappropriately
alleged shortfalls, and/or; (iv) sought to do any of the foregoing for a reason related to inappropriately alleged shortfalls in their
branch's accounts; and (b) whose claims gives rise to one or more of the relevant GLO Issues.
97 Submission from ShEx to Baroness Neville-Rolfe (Post Office Horizon: update on group legal action) dated 3 May 2016
%8 This sub-committee was established by POL in January 2018.
23
UKGI00048174
UKGI00048174
professional privilege) and therefore it is difficult to determine with certainty in retrospect the visibility
provided to the Board on strategy and prospect of success.
2.80. In March/April 2018, several steps were taken by the Shareholder Team to ensure the
Department had greater visibility over the legal advice received by POL and its strategy going forwards.
These included:
a. Litigation Protocol: the UKGI General Counsel initiated the implementation of a litigation
protocol to ensure visibility over the legal advice received by POL. From April 2018, the UKGI
risk register indicates “UKG/ seeking to put protocol in place to ensure Perm Sec remain (sic)
up to date” which was updated in June 2018 to indicate “[POL] continue to update UKGI [...]
directly to UKGI’s Legal Counsel under a Disclosure Protocol that protects legally privileged
information”. This exercise was initiated in March 2018 as a consequence of the lessons
learned exercise following the Magnox Inquiry, and agreed with POL on 11 June 2018. The
protocol with has remained in place since to permit information sharing on Horizon related
matters and other material litigation issues;
b. Merits opinion: having absorbed the lessons learned from Magnox, the Shareholder NED
challenged POL to obtain [Drafting Note: specific date to be confirmed] and critically
consider a merits opinion in respect of settlement of the litigation; and
[on Group Litigation Sub-Committee: Tom Cooper was appointed to the Group Litigation Sub-
Committee from its creation in January 2018, attending as an observer until his formal
appointment as Shareholder NED in March 2018. The committee first met in March 2018 and
continued to meet at least bi-monthly on a schedule designed to complement the litigation
timetable. Membership of this committee provided the Shareholder NED with additional,
timely updates, as well as increased visibility on strategy and opportunity for challenge.
Common Issues Trial
2.81. As well as lobbying POL to obtain a merits opinion in respect of settlement, the Shareholder Team
[and UKGI General Counsel] also considered whether there was any benefit to asking POL to commission
a second opinion. However, considering the proximity of the Common Issues trial, scheduled for
November 2018, and apparent robustness of the existing legal opinion, very little traction with POL was
made in exploring this option.
2.82. Throughout its conduct of the GLO litigation, POL’s conduct was in line with the legal advice it
received. In respect of the Common Issues trial, the Group Litigation Sub-Committee was advised in July
2018 that leading counsel for POL considered POL to have the “better arguments” and in light of this, the
reporting to the POL Board appears to have been positive in respect of the prospect of success.
2.83. UKGI continued to probe POL further into the conduct of the litigation in the run up to the start
of the Common Issues trial. For example, a summary of the litigation to date, including the counsel
opinion, was provided to the Permanent Secretary in May 2018, and updated in August 2018 and a
meeting arranged between the Minister, the Permanent Secretary and the POL General Counsel, Chair
and CEO in October 2018 to discuss the “issues at stake”,°° merits opinion and more general strategy. This
meeting was proposed by the Shareholder Team, via the Shareholder NED, in connection with the team’s
concern over the sufficiency of POL’s contingency planning. In preparation for this meeting, POL prepared
a briefing paper, which included the following line on prospects of success: “Post Office’s external Counsel
believe that Post Office has the stronger arguments on most of the Common Issues, nevertheless they
°° Submission to the Permanent Secretary - POL Litigation Update August 2018.
24
UKGI00048174
UKGI00048174
caution that Post Office is unlikely to be successful on each and every one of the Common Issues, given the
judicial tendency to provide a degree of balance between the parties.”
2.84. It was evident during this process that the POL executive and legal team had a very firm belief in
the robustness of Horizon and the generally positive legal advice they had received to date. This
confidence manifested in a reluctance to expend resource on considering alternative courses or
contingency activities. While there is some merit in a clear and confident litigation strategy, holding to a
narrow line too rigidly, as the POL team did here, meant that they lacked the flexibility to adjust their
strategy at speed, either in the face of valid constructive challenge or of unexpected turns of events.
2.85. In March 2019 (shortly after the Horizon Issues trial began), Mr Justice Fraser handed down his
judgment on the Common Issues trial. It was highly critical of POL and the way it had treated SPMRs. The
judgment also determined that the contract with SPMRs was “relational” and, as a consequence, imposed
on POL a number of obligations owed to SPMRs. In particular, the burden of proving that a shortfall was
owed by a SPMR was on POL. This judgment was a surprise to the POL team, both at legal team level and
at the POL Board.
2.86. Asa result of the surprise outcome of the Common Issues trial, from March 2019 onwards, the
POL Board also took a more active role in decisions related to the GLO, and it is notable that more
comprehensive written updates, rather than verbal updates from the GC, were provided to the Board for
consideration and relevant POL Board discussions were minuted more fully during this period. The POL
Board also instigated a change of its external legal team, its GC and significantly altered its strategy to
pursue settlement. The Shareholder Team continued to be actively engaged with legal advice by POL,
assisting the Shareholder NED to ensure he was able to mount appropriate challenge through his position
on the POL Board, and were also instrumental in the replacement of the legal team and adoption of more
agile, settlement focussed strategy.
Recusal Decision
2.87. The surprising outcome of the Common Issues trial also prompted POL to make an application
seeking the recusal of the managing judge of the GLO, Mr Justice Fraser on grounds of bias. This decision
was based on strong advice from very senior members of the judiciary, including Lord Neuberger (who
also attended a call with the POL Board) and Lord Grabiner QC.*°! The UKGI NED received this advice and
attended the Board call, but recused himself from this decision at Board level for conflict reasons: as a
representative of HMG, it would have been inappropriate for the UKGI NED to be party to a decision
which would seek to interfere in the workings of the judiciary. POL’s application for recusal was refused
and POL went on to appeal both the Common Issues judgment and Mr Justice Fraser’s decision to refuse
to recuse himself on the basis of legal advice that asserted both appeals were likely to be permitted’.
The Court of Appeal refused both applications for permission to appeal.
Horizon Issues Trial
2.88. The Horizon Issues trial commenced in the spring 2019 and finished in the summer of 2019, having
been adjourned soon after its start in March as a result of POL’s unsuccessful application to have Mr
Justice Fraser recused. At a high-level the issues in dispute and to be resolved included:
(i) whether bugs, errors and defects had the potential to affect the accuracy and integrity of data
(and whether Horizon was robust and resilient);
(ii) controls and measures for preventing/fixing bugs;
(iii) whether remote access to the system was possible;
100 Briefing Paper prepared by POL for meeting on 17 October 2018.
101 Submission from UKG! to Kelly Tolhurst dated 21 March 2019.
102 Minutes of a meeting of the Post Master Litigation Sub Committee on 24 April 2019.
25
UKGI00048174
UKGI00048174
(iv) availability of information;
(v) accessing and editing transactions and accounts; and
(vi) disputing shortfalls and corrections.
2.89. In December 2019, just before the judgment was handed down on the Horizon Issues trial but at
a time when the parties had seen the draft judgment, the GLO was settled. POL agreed to pay
approximately £57 million and to set up a scheme for addressing historic shortfalls suffered by other
SPMRs that were not part of the GLO. The POL Board supported the strategy of settlement and delegated
to the Group Litigation Sub-Committee and General Counsel authority to determine quantum during the
mediation. The UKGI Shareholder Team were actively involved in assisting HMG with its process to
approve POL’s settlement strategy process and sat on a joint BEIS-HMT-UKGI committee that was set up
for this purpose.
2.90. When judgement was handed down on the Horizon Issues trial on 16 December 2019 it was again
critical of POL and found that the Horizon IT system was not as reliable as POL had asserted. Mr Justice
Fraser’s key findings were overwhelmingly in favour of the SPMRs. For example, some of the key findings
included:
a. “There was a significant and material risk on occasion of branch accounts being effected in
the way alleged by the claimants by bugs, errors and defects.” The Court found that evidence
demonstrated that there were numerous bugs in Horizon, some present for many years, to
a far greater extent than POL had previously acknowledged;
b. It was possible for bugs, errors and defects of the nature alleged by the claimants to have
the potential to cause shortfalls or discrepancies and to undermine the reliability of Horizon
to accurately record transactions;
c. Fujitsu has the ability to insert transactions into branch accounts on a remote basis without
being visible to the SPMR in that branch either at the time or subsequently. This was an issue
that had only emerged fully during the course of the Horizon Issues trial. Indeed, Fraser J
observed that "the truth concerning remote access has now emerged in 2019, in group
litigation that started in 2017. I find it notable that the truth did not emerge in the first Fujitsu
witness statements that were originally served for the Horizon Issues trial". He further noted
that the “truth only finally emerged in later statements, which [Fujitsu witnesses] were
required to correct what I find were directly inaccurate statements".
d. In relation to POL culture: “the stance taken by the Post Office at the time [...] demonstrates
the most dreadful complacency, and total lack of interest in investigating these serious issues,
bordering on fearfulness of what might be found if they were properly investigated” 1 and
later in the same judgement, “/t ought also to be noted that the truth did not emerge
internally within the Post Office in the email answers provided to internal inquiries [...] by
senior Post Office personnel, such as the Chief Executive, who posed the specific question in
preparation for providing evidence to a Select Committee and asked: “What is the true
answer?” 7,
13 Bates & Ors v the Post Office Ltd (No 6: Horizon Issues) (Rev 1) [2019] EWHC 3408 (QB).
104 Extract of the findings of Mr Justice Fraser, GLO judgement paragraph 219.
105 As above, paragraph 545
26
UKG100048174
UKG100048174
3. PRELIMINARY LESSONS LEARNED
3.1, This section provides a preliminary overview of some of the lessons that can be learned from a shareholder perspective from POL's handling of the
Horizon issues. This is by no means an exhaustive list and UKGI Legal will consider further as its understanding of the facts and keys findings develops over time.
However, we have set out below some initial observations and principles that will help UKGI reflect on the practices it adopts in the performance of its shareholder,
role across its portfolio of assets. In reading this section, do note the following:
a. Many of these lessons benefit from hindsight and the actions proposed may not have been reasonably expected or accessible to relevant
stakeholders at the time;
b. Given the shareholder role UKGI performed for POL evolved over time, UKGI may not have been as well placed to take certain actions as it is in the
present;
c. We have separated the lessons learned into two sections: (i) new lessons learned from a governance perspective, both broad lessons and more
specific governance lessons and (ii) lesson re-learned which primarily focus on how the internal lessons learned by UKGI with respect to Magnox
were absorbed by UKGI from 2018 and the benefits gained; and
d. With respect to new governance lessons learned, we note that these have two distinct features: those that have broad implication for POL and its
Board and those that are designed to offer practical suggestions to UKGI Shareholder Teams,
LESSONS LEARNED IN RELATION TO GOVERNANCE — BROAD OBSERVATIONS
Whistleblowing
3.2. In the case of the Fujitsu Whistleblower, and in light of the public nature of the allegation and the fact that if the allegation was true it would have
contradicted POL’s public statements on the robustness of Horizon, it would be expected that the POL Board would ensure that an appropriate level of
investigations into the allegation had been undertaken, including the proper interrogation of Fujitsu and an exploration of whether the allegations made in
Panorama had a substantive basis. There is no evidence that the POL Board sought to do this at the time." (Further, given the issue of remote access was already
known to the POL Board, it should have considered whether the allegations of the Fujitsu Whistleblower impacted the POL Board’s view of the risk associated
with the Horizon remote access claims.] {Drafting Note: In light of the further work that needs to be done to ascertain whether the POL Board saw the Deloitte
Project Zebra final report in June 2014. UKGI Legal will need to revisit this assertion as the POL Board may not have been aware of the remote access finding.)
‘© The POL ARC considered POL’s whistleblowing policy in May 2017 following its adoption in May 2016.
27
UKG100048174
UKG100048174
Lessons:
1) Asset Boards need to be able to satisfy themselves that the asset has appropriate procedures in place to: (a) receive and assess whistleblowing claims;
{b) conduct an appropriate level of investigation into issues raised; (c) ensure any investigation will be independent and subject to appropriate
governance and oversight (in relation to which the asset should consider whether it would be appropriate to seek external legal advice); and (d) provide
visibility to the Board on potentially significant and/or high profile whistleblowing claims, including where there may be material financial, reputational,
and/or political risk associated with the allegations. The UKGI Shareholder Team should satisfy itself that in relation to each asset appropriate
procedures are in place and highlight (through the Shareholder NED) any concerns to the relevant Board.
2) The Shareholder NED must be aware of her/his responsibilities in this regard, including recognising the financial, reputational and political impact
significant and/or high-profile allegations may have on both the asset and the UKGI, as shareholder, and ensure that the Board and management of
the asset responds to such allegations in an appropriate manner. The Shareholder NED must also check that there is an appropriate level of reporting
to the asset’s Board on whistleblowing or other forms of complaints generally and on the investigation of any significant and/or high-profile allegations.
The Shareholder NED must be willing to challenge the assets management team if she/he has any concerns about the way such allegations are being
addressed, including whether there is a sufficient degree of independence and objectivity in the assessment of the allegations and the assets response
thereto.
3) Where significant and/or high-profile allegations arise in a public forum, the UKGI Shareholder Team must satisfy itself that the asset's Board is alive
to the risks that the issue might present, and that the allegations are being addressed in an appropriate manner. Where, for example, allegations are
raised by investigative journalists and have been subject to a degree of fact-checking before broadcast, it would be prudent for the Board to discuss
and consider the significance of the information being aired, independently of the perspective from executives who may not be able to examine the
issue as objectively. Further, in the case of UKGI, where the shareholder is HMG and is therefore subject to greater scrutiny than a traditional
shareholder, the UKGI Shareholder Team should consider whether and to what extent it would be appropriate for it to take a closer look at significant
and/or high-profile allegations and the conduct of and/or output from any investigation undertaken by the asset in relation thereto. UKGI may do this
directly or through the shareholder NED. In exceptional circumstances, UKGI may wish to consider initiating an independent third-party review.
4) The UKGI Shareholder Team must remain continuously curious and be prepared to challenge the asset’s Board on both the substance and handling of
any significant and/or high-profile allegations, to ensure that the merits of such allegations are being, or have been, objectively assessed. Where
assurances are provided by the management team in relation to such allegations, the UKGI Shareholder Team should take such steps as may be
appropriate to assure itself that the asset’s Board has been provided with sufficient information to test such assurances, including whether they have
been (or should be) the subject of independent scrutiny.
5) In addition, the UKGI Shareholder Team must periodically critically reflect on its own assumptions and biases in relation to the issue in question, to
ensure that it is providing strong and effective oversight.
28
UKG100048174
UKG100048174
Culture of our Assets
3.3. We note that issues relating to culture permeate the key timeline, for example, in relation to POL’s treatment of SPMRs and grievance handling, the
interaction between the POL Board and POL’s executive and POL’s seeming insistence that Horizon was robust. It is impossible for UKGI to opine or fully
understand what the root cause of these cultural issues was, but nonetheless, it is important that UKGI reflects on how it can, in the performance of its
shareholder role, scrutinise, the culture and values of the assets in its portfolio going forward.
Lesson:
1) Asset Boards are responsible for establishing an asset’s purpose, values and strategy and must be satisfied that these, and its culture, are aligned. The
Board is responsible for promoting the desired culture within the asset."”” Correspondingly, UKGI Shareholder Teams must be able to articulate what the
culture, purpose and the values of an asset are, how an asset’s culture is embedded into its strategy and business plan.
2) Likewise, UKGI Shareholder Teams must use Board effectiveness reviews to assess whether an asset is acting in accordance with the culture and values
it articulates. As part of assessing a Board's effectiveness review, UKGI should seek to assure itself that the asset’s culture is open, transparent and one
where “bad news” can be surfaced without defensiveness, with the Board having the ability to take a detached view of the culture in the asset (including
how the leadership is living the culture and values).
3) Given the importance that culture plays in the corporate governance of an asset, UKGI should table “culture” as a regular agenda item at quarterly
shareholder meetings and in discussions with the asset’s CEO and Chair.
4) Performance reviews of Chairs and CEOs should also focus on culture and values. In addition, an emphasis on culture and values should be a feature of
the Chair's letters that Departments issue annually with UKG!'s input.
5) Where UKGI has concerns or misgivings related to culture, this should be a red flag for both the UKGI NED and Shareholder Team and extra vigilance in
terms of monitoring these concerns should be undertaken, including formal escalation to the asset’s Chair and alerting the relevant Permanent Secretary
and/or Ministers.
6) _UKGI Shareholder Teams should also receive regular training on issues related to culture and corporate governance.
Cultural Attitude toward Horizon and Postmasters
107 See FRC’s Corporate Governance Code 2018, Board Leadership and Company Purpose: Principle B.
29
UKG100048174
UKG100048174
3.4. For POL, Horizon meant the computer system but as Mr Justice Fraser found the “Horizon system” was not just the IT, it was also the process for disputing
and correcting errors, the telephone helpline, the adequacy or otherwise of training and the day-to-day experience of running a busy post office. The reliability
of the IT system was important but even had it been 100% reliable, these other aspects of the “system” were equally important and issues with any of them
could have provided explanations for why SPMRs were experiencing shortfalls. We have a few observations in relation POL's approach:
i. It is clear in hindsight that POL needed to take a holistic approach to Horizon in order to understand the whole SPMR experience and the issues at
the core of their experience. In light of the range of advice POL received at that time and its confidence in the robustness of Horizon, it seems that
POL took a too legalistic approach to the mediation scheme. From what we can gather, POL appeared concerned about how any concessions in
relation to Horizon might impact the legal arguments, without perhaps fully appreciating the wider human, reputational and business impacts. The
broader merits of the SPMR’s claims seem, therefore, to have been overshadowed by the focus on the technical ‘Horizon question’.
ii. It is not clear to what extent the Board met with the JFSA or their representatives or took steps to empathise with the complaints the JFSA were
raising. As a result, the Board may have had too sanitised a perspective of the Issues and the human impact Horizon had caused in practice, despite
the hundreds of prosecutions for which POL were responsible.
Lesson:
1) _ Inthe future, where an asset is dealing with significant operational or legal matters, UKGI must be assured that the significance of the issues in question
are being viewed holistically and must consider whether the Board has an independent lens on how issues are being calibrated and absorbed by the
asset. In taking further steps to gain this assurance, UKGI must of course be mindful that any further action does not circumvent the engagement of
the Board. Options could extend to (i) asking the Board to ensure it receives presentation and/or insights from individuals within the asset who have
not been involved in the process to date, and therefore able to interrogate and challenge objectively without being hampered by historic or contextual
trappings; (ii) asking the NED responsible for employee engagement to investigate more fully at a working level; and/or (iii) encouraging the
commissioning independent Board-level third party advice/assurance.
2) Where there is a growing number of stakeholders raising complaints against an asset, the Board must consider meeting with the affected stakeholders
directly and should go further in terms of trying to gain the perspectives of the affected stakeholders with respect to the issues being raised. Empathy
is crucial in these instances and taking the time to talk directly to the stakeholders or commission Board-led surveys for example, will help the Board
appreciate the issues for different perspectives and potentially reach more rounded outcomes.
Assets and operational independence - what level of intervention is appropriate?
30
UKG100048174
UKG100048174
3.5. We are aware, from the documents we have reviewed to date, that HMG’s response to POL issues with Horizon and its relationship with SPMRs was
characterised as an “operational matter” for POL and one which Government should not unduly interfere with. As a Public Corporation POL benefits from
significant independence from BEIS/UKGI and it is right that BEIS as shareholder, and UKGI as its representative, should not seek to intrude too far into areas of
day-to-day management.
3.6. However, itis important that the level and degree of appropriate challenge from either the relevant Department or UKGI remains under constant review,
notwithstanding its legal structure or the BAU independence afforded to it as a result of its ALB classification. In any HMG-asset relationship there may come a
tipping point in favour of greater shareholder intervention and scrutiny: UKGI must continuously challenge itself by asking whether that point has been reached.
Where such a tipping point has been reached, UKG! must be prepared to be insistent in terms of receiving further assurance where corporate governance red
flags are being raised. Such challenge may have to go beyond the regular dialogue that exists between the UKGI Shareholder Team and the asset’s executive.
Utilising the role of the Shareholder NED to challenge the asset’s Board to look at these issues in further detail and/or raising corporate governance concerns
directly with the relevant Permanent Secretary or Ministers could provide other avenues for the more insistent challenge that “tipping points” require.
3.7. Where further challenge or scrutiny is deemed necessary, Shareholder Teams and/or UKGI NEDs should not feel constrained by either the descriptions
of their roles in Framework Documents/company Articles and/or pushback from the asset's management team that they are overstepping the bounds of a non-
executive role.
Lessons:
1) Where an asset's Board is dealing with significant issues, UKGI should, in the exercise of its corporate governance role probe:
a. whether the Board is fully exercising their s. 172 Companies Act 2006 duties to broadly act in the best interests of the asset and its
stakeholders as a whole; and
b. whether the Board has considered the relevant broader HMG policy and ViM interests.
Most importantly, UKGI should satisfy itself that an asset’s Board should be considering both (a) and (b), with the same degree of intensity and in
tandem, when gauging whether a “tipping point” has been reached.
2) Where an asset is grappling with an issue that had significant reputational, stakeholder impact and/or VFM consequences it is appropriate for UKGI as.
the shareholder representative to consider whether it needs to further challenge the asset’s Board on strategy, risk calibration and overall direction,
including whether a “deep dive” into these matters is appropriate.
3) Where performing a more intensive review, UKGI will have to consider its role to ensure that governance lines are not blurred and that the relevant
sponsor Department and Minister are supportive of a more hands-on approach. Note that this must be the case in respect of all matters which fall into
this category, not just where matters are litigious.
31
UKG100048174
UKG100048174
4) Lastly, it is important to document enhanced scrutiny to the extent possible, both in terms of Shareholder NED’s challenge of the Board or executive
and the UKGI’s Shareholder Team’s challenge. This is not just for the creation of a “just in case” audit trail but so multiple examples of how UKGI is,
insisting that an issue should be examined can be shared with relevant stakeholders e.g., Departmental Perm Sec, relevant Ministers, should the matter
need to be escalated. For example:
a. It would be helpful for key meetings between the asset and UKGI/relevant sponsor department at which an increased level of shareholder
concern is being raised to be minuted;
b. Equally, where the UKGI shareholder team is challenging the assets on key issues, ensuring that challenge via phone calls are followed up on
email is helpful; and
Not all challenge mounted by the Shareholder NED will be evident from Board minutes which, for HMG owned assets, are often prepared
with publication in mind. Whilst we do not expect or recommend that the Shareholder NED insist on formally correcting the record, recording
challenge via a file note could be helpful, as well as ensuring that discussions with the executive and/or other Board members are captured
via email.
Clear Delineation between Policy and Shareholder Roles
3.8. Until August 2018 (and the establishment of the BEIS policy team), UKGI held the combined policy, commercial/financial and governance functions in
respect of POL, which included dealing with a high volume of correspondence from MPs and affected stakeholders, liaising with POL on Horizon matters, and, to
a more limited extent, formulating policy on behalf of the department with respect to POL (e.g. leading public consultation exercises to determine future funding
and service level requirements).
3.9. This dual function may have made the role of objectively challenging POL and its Board harder to deliver in practice. Whilst the policy function is
responsive to ministers and therefore reflects the prevailing position of the sponsoring department, the shareholder role’s objective focus on corporate
governance matters must consider a broader set of perspectives and issues and should be performed for the benefit of the Exchequer as a whole.'°* Shareholder
Teams should have the ability to assess and determine the appropriate course of action for an asset and/or provide challenge to a pre-existing policy position
when new information comes to light notwithstanding the level of ministerial or parliamentary difficulty that may ensue.
3.10. Developing best practice within UKGI since 2018 advocates for the separation of the policy function from the shareholder role to permit the relevant,
Shareholder Team to focus specifically on commercial/financial monitoring and corporate governance oversight, and to be able to provide an independent and
impartial view of the operation of departmental policy without being burdened with the consequences.
108 Managing Public Money describes this a guiding principle for all public policy activities:
https: //assets publishing service.gov.uk/Government/uploads/system/uploads/attachment_data/file/994902/MPM Spring 21 with annexes 180621.odf
32
UKG100048174
UKG100048174
3.11. Whilst policy and shareholder interests are often aligned, there may be circumstances where the two roles conflict. Particularly in the context of stressed
situations (including the challenges being faced by POL), there can be a degree of divergence between the interests and areas of focus of the policy and
shareholder roles. A separation between the two functions is especially crucial where conflicts to arise to avoid one or both roles being compromised.
Lessons:
1) UKGI must ensure that its operating model does not allow for the performance of policy functions alongside the shareholder role. The two roles must
remain separate. It is an essential element of the shareholder role that UKGI teams can critically assess the impact and effectiveness of policy in the
context of assets and are not unduly influenced by policy considerations.
2) Particularly in the context of stressed situations, it is possible that there could be a divergence of interests between the policy and shareholder roles.
UKGI teams should endeavour to ensure there is appropriate separation between the roles to allow them to fully and properly focus on independently
challenging the asset’s performance, without being unduly influenced by policy objectives they were involved in formulating.
3) UKGI must critically assess whether the asset is performing in line with the best standards of corporate governance and be able to brief Perm Secretaries
and/or Ministers that red flag concerns are being raised, even where officials within the policy function may not share the same concerns.
4) UKGI teams should ensure there is clarity with the relevant Departmental policy team as to who will lead on mounting constructive challenge of material
issues e.g,, litigation, particularly as these may well involve both policy and corporate governance considerations and the viewpoints of when and how
to mount constructive challenge may not always be aligned.
5) Infuture, in the rare and unavoidable circumstances where UKGI takes on shareholder responsibility for an asset which is outside its shareholder model,
i.e. a dual policy/governance function or an asset for which a UKGI NED cannot be appointed, careful consideration will need to be given as to how
UKGI will deploy its shareholder operating principles in practice.
LESSONS LEARNED IN RELATION TO GOVERNANCE — PRACTICAL SUGGESTIONS
Legal Privilege
3.12. We note that the POL General Counsel regularly withheld written information from the POL Board and shareholder, including the final Parker Review in
2016, and other legal updates. As the Chair of the POL Board, Tim Parker should have ensured that the Parker Review was actively commissioned with the view
of sharing its findings with the POL Board (and more broadly with the shareholder who had initiated this work), and any contrary view offered by the POL General
Counsel should have raised a red flag in terms of the transparency of information flow to the POL Board more generally.
33
UKG100048174
UKG100048174
Lessons:
1) While it is very important that legal privilege is preserved in relation to an asset’s legal advice, it is also important that an asset’s board can consider
legal risk in the round and is properly informed of material developments. The shareholder should also be permitted to see legal advice. Legal privilege
should not be used to prevent sharing of legal advice. Where UKGI is aware that this argument is being presented to prevent the sharing of advice to.
either an asset’s Board or the shareholder it should challenge this robustly.
2) _UKGI should offer regular training to Shareholder Teams on what legal privilege is and how it operates in practice.
Independent Investigation and Mediation
3.13. The mediation was a very public step toward reconciliation and had the Scheme succeeded it would have likely prevented a critical mass of SPMRs joining
forces in the subsequent GLO. There were @ number of contributing factors that led to the breakdown in the Scheme, including.
a. _ the capacity and capability of Second Sight were a contributing factor in the slow delivery of the Scheme;
b. POL arguably took too legalistic an approach to individual cases and were, in the eyes of the JFSA, not willing to fully co-operate with Second
Sight or consider whether issues with the wider system (training, helpline etc - see below) could have caused losses;
c. there was a general sense at POL that expectations of compensation had been overstated and there was a general misunderstanding of the
limitations of mediation (in particular with respect to the overturning of convictions}, which resulted in SPMRs inevitably being dissatisfied
outcomes; and
d. it appears that once the GLO was in prospect, POL’s perception was that there may have been some reluctance on the part of the SPMRs to
reach resolution through the mediation scheme in case this prevented them from joining future proceedings.
3.14. As such, the broader merits of the SPMRs claims seem to have been missed. BEIS and ShEx kept at an arm's length distance from the Scheme, considering
it to be an operational matter for POL and potentially relying on the involvement of the CER. Given the significance of the Scheme’s success for POL, it may
have been helpful for the shareholder to challenge POL further on its willingness to compromise and engage in the process.
Lesson:
1) Where an asset is taking steps to resolve an important dispute with a key group of stakeholders, UKGI should take steps to gauge whether the Scheme
and any key appointed advisers can deliver the intended objectives. Given the reputational and financial implications of alternate dispute resolution
failing, UKGI should encourage the asset to engage as fully as possible with the concerns being mounted by the affected stakeholders.
34
UKG100048174
UKG100048174
Support for Shareholder NEDs and Teams
3.15. The demands and requirements of the role of the Shareholder NED will vary according to the needs of the specific asset during the period of appointment
and the business cycle as well as the asset's relationship with Government. Given the expectations that the Shareholder will provide Government's perspective
to the Board, the role of Shareholder NED can be a lonely position, notwithstanding that considerable support that is available to UKGI NEDs from within UKGI
currently.
3.16. Inevitably, there are times when the Shareholder NED will need additional and bespoke support to enhance the effectiveness of their role. This is
particularly the case when there is a need for a Board to step into a more hands-on role and assume control of a specific issue. In addition, the Shareholder Team
may also require further support from within UKGI to test the approach to the oversight and management of challenging issues the asset may be facing
Lesson:
1) In the future, where an asset is dealing with significant operational, legal or other challenges, UKGI should be assured that the Shareholder NED is
receiving sufficient support from the wider organisation. This may involve arranging for additional targeted support and/or training to UKGI NEDs over
and above the significant training offer that UKGI provides.
2) Further, UKGI NEDs and Shareholder Teams working with assets which are experiencing significant challenges should be encouraged to draw fully on
the experience and learnings of other UKGI teams who have faced similar issues. UKGI’s own internal risk, assurance and portfolio processes also
provide a safe space where issues can be raised and debated, and knowledge shared. In addition, Shareholder NEDs and Teams should be encouraged
to utilise the corporate governance and NED forums, ad hoc portfolio review process or indeed ExCo and UKGI Board members as a source of additional
support.
3) Lastly, to the extent that an asset’s Board is grappling with challenging issues on which external advice would be beneficial, the Shareholder NED can
always raise with the Board the prospect of it commissioning its own independent advice, separate from the executive, as is often permitted within an
asset’s constitutional arrangements.
Board Access to Key Advice - Legal and Non-legal
3.17. We note that at various critical moments in the chronology outlined in section 2 above, the full POL Board does not appear to have had access to, or to
have been consulted on, crucial external advice (see Annex 2, below). For example, this appears to be the case for the final Seconal Sight Report and the Tim
Parker Review. This may have hampered the POL Board's ability to view the assurance being provided on Horizon holistically and to offer challenge and an
independent view to that of the POL executive at critical moments.
35
UKG100048174
UKG100048174
3.18. In addition, throughout the early stages of the GLO, updates were provided to the POL Board verbally by the General Counsel. This was framed as
intended to protect legal professional privilege. However, the protection of legal privilege should not be used to prevent the full sharing of information with the
POL Board and Shareholder Teams. With the benefit of hindsight, it appears that the Board were not fully aware of the detail of the legal advice received in
respect of the GLO, and were therefore unable to properly calibrate the level of risk involve or garner a full appreciation of the complexity of the issues.
Lessons:
1) —_-UKGI should actively encourage Boards to request assurances from the executive team that they are seeing all commissioned advice in relation to
challenging issues and should have the opportunity to input into the scope of advice commissioned, read the advice obtained in full, and directly meet,
with the advisers providing the assurance.
2) _UKGI Shareholder Teams (particularly shareholder NEDs) should encourage the executive to actively share material legal advice with as asset’s board
to ensure the board has full visibility and the legal advice being presented is not being overly simplified, inadvertently diluted or coloured by the views
of the executive. Particularly where an asset is facing material litigation, there is no substitute for an asset’s Board in seeing legal advice in full and to
gauge how questions are being posed and risks opined upon. As per the litigation protocols, UKGI puts in place with its assets, this flow of information
should also come into the relevant Department and Shareholder Teams. See the related lesson at paragraphs 4.3 and 4.4 below.
Skill set of asset's Boards
3.19. As was the case for Magnox, it appears that the POL Board may not have been sufficiently robust in challenging the POL executive, nor was it fully
informed of the relevant facts at the appropriate time. It also appears that the POL Board may not have fully understood the complex IT issues posed by the
Horizon system or the external assurance (and any limitations of such assurance) that it did receive on the robustness or reliability of Horizon. Between 2012-
2020, POL did not have a NED on the Board with specialist IT skills and in hindsight, such experience could have benefitted the POL Board enormously."
Lessons:
1) Particularly where assets are experiencing significant challenges, UKGI should encourage an asset's board to further reflect on whether it has the
necessary skill set and experience, particularly where the issues are technical in nature such as those being raised in relation to the Horizon IT system.
Where specific or specialist skills cannot be retained, the Board could consider obtaining further technical expertise on certain issues via the
appointment for a Board adviser.
% Richard Callard has noted that from 2016 onwards it did take some reassurance from the presence of Ken McCall on the Board, who was also Furopcar’s Director of Global IT. Ken also served
as SID and Head of RemCo.
36
UKG100048174
UKG100048174
2) It is always important for an asset Board to have access to a range of skills that are appropriate to the nature of its business, the challenges the asset is
facing, and the market in which it is operating. UKGI Shareholder Teams should undertake regular [annual] reviews of board skills in conjunction with
an asset’s Chair to inform succession plans and board member appraisals. Such reviews should also consider whether, in the round, Shareholder Teams
are satisfied with the range and level of skill around the board table. Where an asset board has a need for additional or specialist skills, whether on a
permanent or temporary basis, UKGI Shareholder Teams should be encouraged to make appointments to asset Boards, even where this may take the
total membership above the suggested maximum levels.
LESSONS RE-LEARNED IN RELATION TO LITIGATION
Oversight of the litigation
4.1. ASUKGl learned in the Magnox competition, it is crucial at the outset of any substantial litigation that UKGI should agree with the relevant department,
and its lawyers, how oversight of the litigation will be provided. Until mid-2018, other than the visibility that UKGI gained via the Shareholder NED on the POL
Board, UKG! and BEIS were not sighted on the detail of the legal advice relating to the GLO. Post-2018 (and following the application of Magnox lessons to the
POL litigation) UKGI and BEIS increased visibility and opportunity for challenge significantly, however it took the unexpected adverse outcome of the Common
Issues judgment and growing media/parliamentary pressure to catalyse POL's engagement with HMG (at both an official and Ministerial level).
4.2. More developed engagement with POL from the early stages of the litigation could have helped establish more collaborative interaction between the
POLand Shareholder Team throughout the process, rather than having to strive to ‘change the model’ later in the process which POL were initially resistant to.
Lesson:
1) Going forward, UKGI Shareholder Team must work proactively with assets to ensure that, as per best practice, the framework document includes
provisions for litigation updates and protocols where necessary, and to establish the framework of transparent information sharing in respect of litigation
as the ‘second nature’ approach in respect of substantial litigation.
Asset’s legal capability
4.3. One of the key findings in the Magnox lessons learned was that where a substantial legal challenge is mounted against an asset, UKGI should assure itself
of the asset's internal legal capability. The UKGI Board may recall that in the context of Magnox, the NDA’s in-house legal team was not sufficiently experienced
or staffed for the ES litigation and that while UKGI insisted on additional internal resource after the judgment was rendered, this should have been done earlier.
37
UKG100048174
UKG100048174
4.4. With respect to the GLO, POL had a large in-house legal team and a plethora of support from external legal advisers. However, POL's entrenched view
was that the Horizon case was without merit and while the POL General Counsel provided verbal updates to the POL Board as the litigation progressed, there
does not appear to have been much written briefing, little discussion of strategy and no record in the board minutes of challenge.
45. From 2018, UKGI made several attempts to engage with the POL General Counsel to develop a clear contingency strategy and to consider the merits of
settlement although this was met with significant reticence. This was due to a reluctance on the part of the POL General Counsel to share information with the
shareholder on the basis that it might jeopardise the protection of POL's legally privilege advice.
Lessons:
1) Inthe future, from the early stages of litigation, the UKGI Shareholder Team must assure itself of the quality and capability of an asset's team and must,
secure, via a litigation protocol if appropriate, a regular flow of information from the asset and into UKGI and the relevant Department, including the
underlying legal advice.
2
Shareholder Teams must be conscious that concerns in respect of capability are not limited only to capacity or skill set of the asset’s legal team, but
should also consider the fatigue effect of litigation and the possibility of the team adopting a ‘hive mindset’ which inhibits constructive challenge in
respect of strategy and approach.
3) UKGI Shareholder Teams must ensure that they foster a good relationship with an asset’s General Counsel, including where there is material litigation,
asking them to attend Quarterly Shareholder Meetings.
Litigation Strategy and Mitigation of Legal Risk
4.6. The UKGI Board may recall that throughout the Magnox litigation, the NDA Executive Team portrayed the litigation as a “try-on” and entirely without
merit. However, litigation is universally recognised to be uncertain, and even a small risk of a very significant set-back requires mitigation. One of the key Magnox
lessons learned was that UKGI should ensure a full discussion of the legal strategy to ensure risk mitigation has been fully considered by the asset’s Board with
input from the Shareholder where necessary.
4.7. Ina similar vein to Magnox, and as set out above, POL's entrenched view was that the Horizon case was without merit. While certain positive steps were
taken in 2018, UKG!'s attempts to engage with POL's legal team on legal strategy were met with a degree of resistance and opportunities to influence outcome
were lost. For example, only seeking a merits advice five months away from the Common Issues trial meant there was insufficient time for the parties to seek to
mediate the dispute (particularly as they had to prepare for the trial during that time)
Lessons:
38
UKG100048174
UKG100048174
1) In the future, where an asset is defending material litigation, UKGI must work with the asset to assure itself that the asset is implementing a robust
litigation strategy informed by proper contingency planning and an understanding of the various possible outcomes (financial, operational, reputational)
based on a range of scenarios (worst to best). Any strategy needs to consider settlement options and, in significant litigation, be tested by second
opinions.
2) _UKGI must encourage the asset to get merits opinion at an early stage and consider getting a second opinion from a claimant friendly QC to provide
balance.
3) In certain circumstances, the asset’s Board could also seek to employ its own litigation expert or Board advisor to help the Board assess the risks the
litigation poses to the company and to help them mount robust challenge of the asset’s legal team.
Note that all the above is even more critical when,
be very influential in any settlement discussions.
gation funders are involved. That fact will also influence the litigation strategy as litigation funders will
The Importance of Multiple Legal Opinions
4.8. As per the Magnox lessons learned, UKGI should insist that the asset consider more than one external legal opinion to ensure that legal advice and
identified risks are thoroughly tested. Further, it should ensure that any opinions and their authors are put before the asset’s Board so that the Board can take
strategic decisions with proper calibration of legal risk. It is also important to understand the instructions on which these opinions were provided as these may
also indicate conscious or unconscious bias, or entrenchment of views.
4.9. POL received significant support in relation to Horizon before litigation was contemplated and once it had commenced. POL had external civil solicitors,
and a team of counsel, including two QC’s, advising on the GLO. The advice POL received on the strength of their legal case entrenched their view that their
chances for winning the GLO were very strong. For example, in relation to the Common Issues trial, Linklaters provided advice on the parties' obligations under
the contract, which firmly supported POL’s position that the burden was all on the SPMRs.
4.10. However, a merits opinion was not sought until mid-2018 and there was only limited consideration of settlement options. A review of the POL Board
minutes indicates that, in particular prior to 2018, litigation discussions at the POL Board were primarily precipitated by a verbal update from the POL General
Counsel and that the POL Board did not have regular direct access to legal advice or advisors.
Lesson:
39
UKG100048174
UKG100048174
1) UKGI must consider and challenge legal advice received by assets in respect of key litigation and seek to ensure it is satisfied that counsel assessment /
recommendations have properly addressed all relevant points.
2) Where the UKGI Shareholder Team identify the possibility that the asset legal team have become entrenched in their views, they might consider
whether it is appropriate to commission a second opinion or alternative form of challenge to ensure the litigation strategy remains agile and capable
of reacting to unexpected events.
Challenging an Asset on its Choice of Legal Adviser
4.11. As per the Magnox lesson learned, in substantial litigation cases, UKGI must consider challenging an asset’s Board on its choice of legal advisers. After
the judgment in the Common Issues trial was handed down in March 2019, the POL Board, including the Shareholder NED who played an instrumental role,
pushed for and were successful in causing POL to: (a) change its internal and external legal team, including the exit of POL’'s General Counsel in 2019 from the
business and the engagement of a new external law firm, and (b) develop a strategy for settlement. Without these key changes reaching a settlement at that
time would have been incredibly problematic.
Lesson:
1) __ Inline with the Litigation Guidance UKGI has developed, in future UKGI must be included on an asset’s decisions on when to consult or engage new
lawyers for refreshed thinking on a course of action. UKGI Shareholder Teams must also consider periodically whether an asset’s legal team composition
remains effective and appropriate at relevant points in the conduct of litigation, to allow them to flag to the asset if they think testing the status quo
necessary.
40
ANNEX 1
TIMELINE OF KEY EVENTS.
Precursors to Litigation
Litigation Milestones
‘ShEx/UKGI Involvement
UKG100048174
UKGI00048174
Wider HMG
Involvement
Date Event Development of the Shareholder Role
1999-2002 Horizon IT system (Horizon) rolled out across the Post Office network. At this time, Post Office Counters
Ltd (subsequently POL) was a wholly owned subsidiary of Royal Mail (and remained so until 2012)
November 2009 I A number of (mostly former) subpostmasters (SPMRs) grouped together under the banner of the
“Justice for Subpostmasters Alliance” (JFSA) to raise issues with Horizon: that had in many cases led to
dismissal, convictions and recovery of losses by POL. The JFSA entered into correspondence with
ee inisters and MPs during the course of 2009/10 Hai sess eimieine bse
Late 2011- May I The JFSA, supported by James Arbuthnot MP, raised a complaint with Paula Vennells (POL CEO) and Alice
2012 Perkins (then-POL Chair), claiming that Horizon had caused losses which SPMRs had had to make good
and in some cases been prosecuted for. POL's Chair and CEO then briefed the Post Office Minister (first
Ed Davey and later Norman Lamb) on these claims
April 2012 ‘© POL separated from Royal Mail (which was subsequently privatised) and remained a public corporation I 2012 = 2014
(now with its own Board). * NED relationship: NED (Susannah
* On separation, the BEIS SoS was granted a Special Share with certain rights attached (per POL's I Storey) not part of the Shareholder
Articles). BEIS' shareholding was managed by ShEx and the BEIS SoS appointed a NED to represent it I Team (Team)
on the POL Board (the NED was not a part of the POL Shareholder Team) I © Team: Policy, commercial and
July 2012 In response to the claims, POL and JFSA jointly commissioned an independent firm of forensic governance functions combined
accountants, Second Sight, to examine Horizon for evidence of flaws which could cause accounting * ExCo support: Anthony Odgers
discrepancies * Governance framework: POL's
8 July 2013 Second Sight issue an interim report, finding no evidence of systemic flaws. Articles, with the rights attached to
The Post Office Minister (then Jo Swinson) gave an oral statement to in the House of Commons on these ___the Special Share
findings
4
UKG100048174
UKG100048174
Autumn 2013 I POL established the Complaint Review and Mediation Scheme (Scheme) in consultation with JFSA, MPs I ¢ Meetings: QSMs, Monthly Finance
and Second Sight as an avenue for SPMRs to raise individual concerns. 136 individual cases were Meetings (POL CFO), Head of Team/
accepted into the scheme and investigated POL Chair/ CEO Meetings
* Information flow: no Board Packs.
Constant flow of information between
the Team and POL counterparts
* Risk Reporting: per BIS processes.
Including risk register and portfolio
reviews
March 2014 Richard Callard is appointed as the successor NED on the POL Board. The NED also sat on the POL Board I 2014-2018
subcommittee (Sparrow) dealing with the Scheme I © NED relationship: NED (Richard
July /September I Second Sight produce their second report which describes branch operating procedures and related I Callard) is the Head of the Team
2014 Horizon functions. Second Sight raise specific concerns and POL publishes a response * Team: Policy, commercial and
17 December ‘Westminster Hall Debate on Horizon issues and the Scheme governance functions combined
2014 * ExCo support: Anthony Odgers, Justin
3 February 2015 _I BIS Select Committee hearing on Horizon issues and the Scheme Manson
March 2015 The Scheme closed. 41 of the 136 cases had been resolved. POL write to the Post Office Minister outlining I ¢ Governance framework: POL's
the outcomes of the scheme. Sparrow subcommittee disbanded Articles, with the rights attached to
March 2015, BIS Select Committee wrote to SoS Vince Cable on Horizon issues the Special Share
April/May 2015 _I Final Second Sight report published, and POL publishes its response. CCRC announces it will consider cases I + Meetings: QSMs, Monthly Finance
from SPMRs Meetings (POL CFO), Head of ShEx
7 huly 2015 Baroness Neville-Rolfe (as well as SoS BEIS) agreed with ShEx advice that HMG should keep its distance I POL Team / POL Chair/CEO Meetings
from the dispute (a matter for POL) and resist JSFA calls for further independent investigation I © Information fiow: Team receive all
October 2015 —_I Tim Parker appointed POL Chair and tasked by Baroness Neville-Rolfe with conducting a review into the I _ Board Packs. Constant flow of
issues. Support is provided by a QC information from POL to the Team
10September _I Early Day Motion tabled on Horizon issues Risk Reporting: UKGI risk register
2015 capturing key risks to POL and UKGI,
March 2016 Tim Parker writes to Baroness Neville-Rolfe advising as the outcome of his review and the further actions I _ together with regular Portfolio
he was taking [Preliminary conclusion of the review by the POL Chair finds no systematic problem with the I Reviews
Horizon system}
April 2016 ‘A High Court claim was issued against POL
May 2016 Baroness Neville-Rolfe agreed with ShEx advice to continue the approach that it is a matter for POL to I
resolve [Review halted following legal proceedings lodged against POL by the JFSA. CCRC also initiate I
review the POL cases}
I
i
42
UKG100048174
UKG100048174
I ¢ NED relationship: NED is the Head of
I * Team: BEIS Policy Team created to
March 2017 Group Litigation Order was made
October 2017 Case Management Conference set out litigation stages and issues to be addressed. Approximately 550
claimants had joined the litigation
March 2018 Richard Callard is succeeded by Tom Cooper as the NED on the POL Board. I 2018 - present
POL Board subcommittee established to oversee the li
July / August BEIS Post Office Policy Team set up to cover policy engagement on POL. The UKGI Shareholder Team carry I the Team
2018 ‘out the commercial and governance functions only. i
17 October 2018 I POI’s CEO and Legal Counsel briefed Minister Tolhurst and the Permanent Secretary on upcoming trial,
merits opinion and contingency planning for dealing with an adverse outcome in the GLO
have oversight of policy. UKGI Team
cover commercial and governance
5 November - 6
“Common Issues" Trial to determine the terms of the contract in force between POL and SPMRs, including
functions. High level of collaboration
between BEIS and UKGI.
Governance framework: BEIS/UKGI
MoU agreed Dec 2019. BEIS /UKGI
/POL Framework Document agreed
March 2020.
* Meetings: QSMs, Monthly Finance
Meetings (POL CFO), NED / POL Chair
Meetings, together with regular
meetings between BEIS SoS, POL
Chair, NFSP and ad hoc meetings.
* Information flow: Team receive all
Board Packs. Constant flow of
information from POL to the Team
© Risk Reporting: UKGI risk register
capturing key risks to POL and UKGI,
together with regular Portfolio
Reviews
December 2018 _I implied terms, by examining “23 common issues”
March 2019- —_I POL engage a new legal team (Herbert Smith Freehills) and focus on developing and implementing a
November 2019 _I settlement strategy
11 March 2019 I "Horizon Issues" Trial commenced to look at 15 issues in relation to the integrity of Horizon, most
significantly the reliability of Horizon and the extent to which it was the root cause of shortfalls in
postmaster branches
15 March 2019 _I Judgment on Common Issues Trial (CU), finding that POL’s contract with postmasters is relational and, as.
a consequence, various terms must be implied into it that put the onus on POL to establish that losses
were caused by SPMR’s. The judge also criticised POL for its handling of the case and for its conduct in
dealing with the claimants
March — June * Horizon Issues Trial suspended following recusal application by POL on 21 March; this application was
2019 refused on 9 April, appealed to the Court of Appeal on 11 April and refused again on 9 May
Horizon Issues Trial resumes on 4 June
* POL's application for permission to appeal the Cll denied on 23 May and POL apply to Court of Appeal
for permission to appeal the CU on 13 June
November 2019 I Permission to appeal the Cl! rejected by the Court of Appeal on 22 November. Mediation between POL
and claimants begins
10 December Settlement Agreement reached: POL agreed to pay £57.75m and to set up the Historic Shortfall Scheme
2019 (HSS) to address shortfalls suffered by other SPMRs not part of the GLO
116 December Judgment on Horizon Issues Trial. The parties had received a draft of this judgment before they reached
2019 the settlement on 10" December 2019 so were fully aware of its contents
26 March 2020 _I The CCRC announce their intention to refer 39 cases of convicted SPMRs to the Court of Appeal
3 June 2020 The CCRC announce a further 8 referrals to the Court of Appeal (47 total)
43
2 October 2020
POL submit their respondents notice to the Court of Appeal stating their position on the appeals — they are
not opposing 44 of the 47 cases referred by the CCRC
11 December
2020
‘The convictions of 6 SPMRs overturned by the Court of Appeal
UKG100048174
UKG100048174
44
UKG100048174
UKG100048174
ANNEX 2
[OVERVIEW OF POL ASSURANCE ~ TO BE COMPLETED]
“Horizon: Desktop Review of Assurance Sources and Key Control Features’ and an accompanying ‘Board Briefing’ prepared by Deloitte Report in May and June 2014 (Project Zebra)
Scope I * _ Deloitte review consisting of: (i) a desktop exercise to assess the control framework within which Horizon operates; and (ii) an assessment of the integrity of the Horizon
processing environment at implementation (i.e. to determine whether Horizon was set up correctly); and (il) a response to the most significant thematic issues raised by
Second Sight.
‘+ Limited in scope and detail. Based primarily on a review of documents and from discussions with POL and Fujitsu as to the design of Horizon. Review did not involve
independent testing of Horizon or a review into the extent to which the documents supplied correctly reflected the implementation of Horizon
‘* Deloitte proposed a second phase of work (particularly looking into non-traceable “phantom” transactions) which would entail a deeper dive assessment, but phase two
did not take place.
Key ‘© Identified a lack of monitoring controls in relation to some matters but did not find that the system as designed would not deliver its operational objectives.
Findings I * —POLis reliant on the design features identified having been implemented and operated as described. However, Deloitte could not confirm that this was the case and
reported that one design feature was in fact discovered to have not been implemented as expected (Horizon: Desktop Review of Assurance Sources and Key Control
Features, p.5). Deloitte suggested that further work be undertaken to verify this.
* Identified and investigated five matters relating to the design and operation of Horizon that were ‘critical to supporting POL's legal position’ (Board Briefing, p.2):
1. Horizon only allows complete baskets of transactions to be processed;
2. Baskets being communicated between Branch and Data Centre are not subject to tampering before being copied to the Audit Store;
3. Baskets of transactions recorded to the Audit Store are complete and ‘digitally sealed’, to protect their integrity and make it evident if they have been tampered wit
4
B
Horizon’s Audit Store maintains and reports from a complete and unchanged record of all sealed baskets; and
Horizon provides visibility to Sub-postmasters of all centrally generated transactions processed to their Branch ledgers.
‘+ Some SPMRs' allegations relate to periods outside of the seven-year storage period for Audit Store data, beyond which data had been permanently deleted (Board
Briefing, p.3)
‘+ Prior to assurance reports provided by Ernst and Young since 2012/13, that found no material control deficiencies, there was no independent assurance available (Board
Briefing, p.4).
‘* The Deloitte Board Briefing document dated 4 June 2014 raised two means by wi
transaction data (picked up in the Parker Review)
‘+ The final report, titled ‘Horizon: Desktop Review of Assurance Sources and Key Control Features’, contained suggestions to POL management on additional activities which
could be performed to provide further comfort to POL relating to Horizon. These recommendations were divided into three categories: actions that may further support
Project Sparrow; actions that will integrate knowledge obtained from this work into the Future System Requirements project; and actions that may help POL move
I__ towards a more holistic programme of Assurance. (p.32-33)
Seen by I* The POL Board was provided with an executive summary of the draft Project Zebra report in late April/May 2014.
whom I * _UKGiLegal has reviewed a final Project Zebra report drafted for the POL Board by Deloitte and dated 4 June 2014
appropriately auth
ed users at Fujitsu could theoretically remotely alter branch
‘+ Inaddition, the minutes of the Sparrow Sub-Committee on 6 June 2014 and the subsequent minutes of the POL Board meeting on 10 June 2014 do not appear to indicate
that the final Project Zebra report was discussed,
45
UKG100048174
UKGI00048174
Second Sight interim Report issued on 8 July 2013,
Scope I © “{T]o consider and to advise on whether there are any systemic issues and/or concerns with the “Horizon” system, including training and support processes, giving evidence
and reasons for the conclusions reached" (Second Sight Interim Report, p.1)
Applied a wide definition of the Horizon system, encompassing the relevant software packages, computer hardware, communications equipment used in branches and
central data centres and software used to control and monitor systems, as well testing and training systems.
‘+ Within the report’s scope was the investigation of 47 specific SPMR cases submitted either via the JFSA or the office of James Arbuthnot MP.
Key ‘+ Subject to further investigation, found no evidence of systemic problems with the Horizon software. States that, whilst itis “Clear that [..] the Horizon system appears to
achieve its intended purpose almost all of the time [..], some combinations of events can trigger situations where problems occur” (Second Sight Interim Report, p.6)..
Noted that POL had disclosed two incidents where defects in the Horizon system caused incorrect balances or transactions in 76 individual branches.
Appears critical of POL in several respects, including the scope and thoroughness of investigations carried out by POL's Investigation Division, POL’s compliance with its
own policy concerning the contract between POL and SPMRs and POL's response to the reporting of issues by SPMRs, which is described as “unhelpful [and]
unsympathetic” (Second Sight Interim Report, p.8)
Details four ‘spot reviews’ of specific incidents reported by SPMRs, three of which Second Sight reported required further investigation in order to come to firm
conclusions
Led to POL’s formation of the Horizon Working Group to oversee the Complaints Review and Mediation Scheme on 27 August 2013
Seen by I* 1 July 2013: According to Project Brisbane and the minutes, the Second Sight Interim Report was discussed at a meeting of the POL Board held on 1 July 2013. “The
whom investigation to date found no systemic issues with the Horizon computer system but had highlighted areas for improvement in support areas such as training.” Notes two
‘anomalies’ that were disclosed to Second Sight during the course of the investigation. Concerns were raised that the report “was not as factual as expected and could
lead to loose language” (Project Brisbane Chronology, p.48).
5 July 2013: A summary of the report by Peter Batten of ShEx states that Second Sight have “overstepped [their] remit” in an attempt to achieve “reconciliation” between
POL and SPMRs and have unsuccessfully tried to position themselves as “an arbitrator”.
5-9 July 2013: Emails show that the report was discussed extensively by Will Gibson, Mike Whitehead and Peter Batten of ShEx. Briefings on the contents of the report and
suggested lines to take were provided to Jo Swinson MP and others. These briefings also covered a parliamentary debate between Jo Swinson MP and James Arbuthnot
MP and others on 9 July 2013.
16 July 2013: According to Project Brisbane and the minutes, the Second Sight Interim Report was discussed at a meeting of the POL Board held on 16 July 2013 attended
by Susannah Storey. The report is described as “challenging”, noting that it raises “cultural issues which had to be addressed to improve the support [POL] gave to sub-
postmaster.” Concerns are raised “that the review opened [POL] up to claims of wrongful prosecution.” It is further noted that POL “had not managed the Second Sight
review well” (Project Brisbane Chronology, p.50).
Second Sight — Briefing Report Part One — 25 July 2014
Scope I* Adescriptive review of “Post Office branch operating procedures and related functions of the Horizon system” (Second Sight Part One Report, p.2).
Provides detailed definitions and descriptions of key concepts, terminology processes and software/hardware.
Also “describes how some errors might occur and what facilities are available to a Subpostmaster to identify or correct those errors” (Second Sight Part One Report, p.31).
Key ‘© Wholly descriptive; simply describes theoretical scenarios that may lead to discrepancies without reference to specific cases.
Seenby I* * Various references to a ‘thematic report’ produced by Second Sight occur around the time of the publication of the Briefing Report Part One. The below record of,
whom discussions relating to Second Sight’s investigation is based on the assumption that the Briefing Report Part One and the ‘thematic report’ are the same document.
46
UKG100048174
UKG100048174
* 10-30 September 2014: An email chain between Jo Swinson, Richard Callard, Peter Batten & others in September 2014 refers to a Second Sight “thematic report” and
states that it was “produced as a generic reference document for use during the mediation process.” The correspondence suggests that a briefing was provided by ShEx to
Jo Swinson, though it is not clear if this briefing specifically covered the report and its contents.
* 18 February 2015: A document titled ‘Timeline Review of Sparrow Sub Committee Docs’ states that the “Committee asked Business to consider its relationship with SS,
discussed the thematic report and agreed business should publish its own report alongside.”
Second Sight ~ Briefing Report Part Two - 9 April 2015
‘Scope I * Considered whether there were systemic issues and/or concerns with the Horizon system, including training and support processes.
‘+ Significant disagreement between Second Sight and POL over the remit of the investigation, particularly on issues such as criminal cases and evidence, the contract
between POL and SPMRs and the transfer of risk between POL and SPMRs. The report does cover these areas, despite the fact that it is noted POL considers them to be
beyond Second Sight’s remit.
‘* States that Second Sight’s ability to complete investigations within the agreed scope of the initially commissioned work was “significantly restricted” by POL denying
access to three categories of documentation: legal files relating to investigations/criminal prosecutions of SPM applicants; email records of POL employees working at
Fujitsu’s office in Bracknell in 2008; transactional records relating to POL’s Suspense Accounts(s). Notes that the report is, therefore, “incomplete in a number of important,
respects” (Second Sight Part Two Report, p.7 & p.51).
Key ‘© The contract between POL and SPMRs was not always provided to SPMRs and the contractual terms, placing responsiblity for losses on SPMRs, was “unfair” (Second Sight
Findings Part Two Report, p.8).
‘© Training is described as “probably adequate for people who had reasonable levels of IT skills”, though some issues are raised such as inconsistencies in the level of training
provided over time, and the absence of a quality control function to monitor the training provided by SPMRs to their staff. Concerns are also raised about the quality of
advice offered by support services such as the Helpline (Second Sight Part Two Report, p.23).
‘* Horizon is described as insufficiently error repellent, in that “the majority of branch losses were caused by ‘errors made at the counter” which could have been avoided if
“more robust, error repellent, systems had been introduced.” States that the transfer of risk from POL to SPMRs means that the former had little incentive to implement
such systems, Details a number of ways in which these ‘errors made at the counter’ could lead to discrepancies on the Horizon system (Second Sight Part Two Report, p.7-
8).
‘+ Made findings that indicated that Horizon had the potential to result in branch account losses that did not differentiate between user entries and system-generated
entries, such as “error recovery and correction processes that] can result in transaction reversals that carry the System Identity (1D) of the user who entered the originating
transaction that the system itself is reversing, or the ID of the user restarting the system” (Second Sight Part Two Report, p.30).
* Concluded that “(Fujitsu and POL did have, and may still have, the ability to directly alter branch records without the knowledge of the relevant [SPMR]” (Second Sight Part
Two Report, p.6). Specifically refers to the minutes of a meeting between POL and Fujitsu held in August 2010 that “appears to confirm, that in 2010 at least, it was
possible for [Fujitsu and POL] to directly amend branch data”. Reports that POL describes the document’s references to ‘amending’ and ‘correcting’ branch records as
“unfortunate colloquial shorthand used by those working on the Horizon system” (Second Sight Part Two Report, p.33).
‘+ Also describes difficulties faces by SPMRs with the processes employed for certain products and services offered at Post Office branches such as ATMs, Motor Vehicle
Licenses, Foreign Currency Transactions and National Lottery products.
‘+ Concludes that “policy decisionIs] by Post Office at a senior level, possibly based on legal advice”, have denied Second Sight access to relevant documentation and resulted
in the firm being “unable to complete our independent investigation in the way that we considered necessary” (Second Sight Part Two Report, p.51).
47
UKG100048174
UKG100048174
Seen by I *
whom
‘© UKG! Legal is carrying out further work to understand the extent with which the Board were involved in detailed discussion of the Second Sight Report and POL's detailed
response to it
* On 15 April 2015, POL issued a document, en EN ET ly of Post Office Limited to Second Sight roviding a detailed response to each of the
claims made in the Second Sight eee
‘The Parker Review issued on 8 February 2016
Scope I * Review into POL’s handling of the complaints made by SPMRs regarding the alleged flaws in Horizon, and determination of whether the processes designed and
implemented by POL to understand, investigate and resolve those complaints were reasonable and appropriate.
'* Analysed four areas: (i) criminal prosecutions; (ii) the Horizon system; (il) training and support provided to SPMRs; and (iv) the mediation scheme investigations of
individual cases. In relation to all four areas the review sought to address two principal questions, firstly, what had already been done in the 2010-2015 period and,
secondly, what further work could be done to plug any remaining gap. _
Key ‘* Accepted that the Horizon system works effectively and accurately ‘the overwhelming majority of the time’
Findings I * Did not find evidence that suggested the bugs identified were the cause of wider loss to SPMRs.
In relation to thematic issues identified by Second Sight, agreed with the analysis of POL and Fujitsu that few, if any, of those issues could sensibly be said to relate to any
error in the operation of the Horizon system.
* Found that in May / June 2014, POL was aware that Fujitsu did have, and may still have had, the ability to directly alter branch records without the knowledge of the
relevant SPMR (Project Zebra),
‘* Found that the ability of certain restricted individuals in Fujitsu to create transactions directly in branch ledgers which do not require positive acceptance or approval by
‘SPMIRs (Balancing Transactions) was problematic as the existence of the Balancing Transaction capability and the wider ability of Fujitsu to ‘fake’ digital signatures were
contrary to the public assurances provided by Fujitsu and POL about the functionality of the Horizon system.
‘+ Made eight recommendations, including that further work be carried out to address findings.
Seen by I * Managed by Jane Macleod and the POL Legal Team.
whom I * Does not appear to have been shared with or discussed formally at the POL Board.
‘+ _ High-level summary of findings shared with Baroness Neville-Rolfe on 4 March 2016.
Project Bramble issued in July 2018
48
UKG100048174
UKGI00048174
Scope I * Deloitte re-engaged in 2016 to undertake a phased piece of assurance (between 2016 - 2018) to consider issues identified by Jonathan Swift QC as part of the Parker
Review including:
‘* {i In Phase One: the existence of any bugs within the system that could cause the branch errors, the accuracy of branch balancing transactions and the controls
environment — specifically whether amendment/deletion of transactions by Fujitsu was possible;
‘+ (ii) In Phase Two: an audit of privileged user logs and controls, an investigation of analytical datasets which purport to show (a) gaps in audit logs and (b) branches out of
balance, and an investigation into the controls over non-counter transactions;
‘+ (ill) In Phase Three: further investigation into non-counter transactions to ascertain the existence of gaps which could call Into question the integrity of data and, if gaps
existed, could these gaps be the cause of the branch level discrepancies; and
‘© (iv) In Phase Four: engaging with Fujitsu to address any comments raised in relation to Fujitsu’s own report into database security within the Horizon system,
Deloitte's Bramble work formed the basis of POL's position in the GLO,
key ‘+ Identified two means by which Fujitsu could alter branch accounts on Horizon Online: (1) through the Balancing Transaction functionality (i.e. within the system's normal
Findings I system functionality - Post Office was already aware of this functionality); and (2) through certain privileged users outside of Horizon’s specific functionality which have
the ability to add, amend or delete transactions.
To the best of Deloitte's knowledge such transactions would appear as if a normal transaction generated in branch by the postmaster. Deloitte observed that safeguards
existed to prevent this including the segregation of access permissions and a time restriction.
Seen by I* Managed by Jane MacLeod the POL General Counsel
whom I * July 2016 preliminary report does not appear to have been shared with or discussed at the POL Board. Instead it was discussed by the GLO Steering Group and then shared
by Jane MacLeod with the Group Executive.
49
ANNEX 3- Letter from Tim Parker to Baroness Neville-Rolfe dated 4 March 2016
: 4 Tinh Parker
Chateman
Finsbury Ofals
20 Finsbury Street
Lonoon
cay 9AQ
Yeteptione :f
Baroness Neville-Rolfe DBE CMG
Department for Business Innovation & Skills
1 Victoria Street
London
SW1H OET
4M" March 2016
At our meeting on 26 January 2016, 1 provided you with an update on the work I have
undertaken with the assistance of Jonathan Swift QC and Christopher Knight, both of 14
Kings Bench Walk Chambers to review of the Post Qffice’s handling of complaints made by
Sub-Postmasters about the operation of the Horizon software system. I now write to set
out further information about the approach to the review, the scope of work undertaken
so far, and my Initial findings, 1 also outline my plans to bring the work to a conclusion,
Before doing so, I wish to stress that this update, and the work which underpins it, reports
‘on the legal advice 1 am currently receiving and Is, accordingly, subject to legal
professional privilege and provided in confidence. 1 am, of course, aware that once the
various additional strands of work I am pursuing are complete, we will need to find an
appropriate method of communicating the results of my review to a wider audience,
Scone of the Review,
My objectives were as follows,
“To review the Post Office's handling of the complaints made by sub-postmasters regarding
the alleged flaws In Its Horlzon electronic point of sale and branch accounting system, and
determine whether the processes designed and implemented by Post Office Limited to
understand, Investigate and resolve those complaints ware reasonable and appropriate”,
T considered that the review should address both what had happened to date (In the period
2010 ~ 2015), and also the Important question as to whether there were any gaps In the
work done and what more, if anything, could now reasonably be done to address the
complaints that had been raised.
50
UKG100048174
UKG100048174
J decided that the particular focus should be on those matters at the heart of the
complaints raised against the Past Office, namely:
i) criminal prosecutions;
li) the Horizon system (I.e. the software);
i) the support provided to sub-postmasters through training and helplines; and
iv) the investigations in the circumstances of specific cases where a complaint had
been raised.
The remainder of this etter summarises the headline findings of the review in these areas,
and the recommendations made against each.
T can confirm that my advisors requested and were given unrestricted access to
documentation. Numerous meetings were held between them and a range of Post Office
staff and employees of Fujitsu (who provide the system), T met with Lord Arbuthnot, and
with Second Sight (the forensic accountants wha worked on this issue) and I asked Alan
Bates, the Chairman of the Justice for Sub-postmasters' Alliance, to meet me, but
regrettably he declined.
Principal Findings and Recommendations
i) Criminal Prosecutions
The safety or otherwise of any specific conviction is a matter for the Court of Appeal ar
the Criminal Cases Review Commission, the independent body established to consider
complaints of miscarriage of justice, and which Is currently considering some 23
applications from former sub-postmasters, The Post Office Is co-operating fully with the
CCRC's work and 1 have, of course, directed that it should continue to da so.
The Post Office has previously taken advice from solicitors and Leading Counsel expert in
criminal law on the adequacy of the Post Office's policy and practice on disclosure where
it acts as prosecutor, Based on that I am satisfied that Post Office has adopted a proper
approach to disclosure such that it satisfies its duty of disclosure as prosecutor.
One matter raised In the BBC Panorama programme and elsewhere Is the claim (and 1
must stress that it Is only a claim) that the Post Office brought cancurrant charges of theft
and false accounting against sub-postmasters when there was not sufficient evidence for
a charge of theft, and the theft charge was only brought to put pressure on the sub-
postmaster concerned to plead guilty to the false accounting charge. As a result of the
review I have decided to take the following steps.
(1) Twill take advice from speciallst criminal counsel as to whether the decision
to charge theft and false accounting could undermine the safety of any
conviction for false accounting if (a) the conviction was on the basis of a
guilty plea following which, and/or In return for which, the theft charge was
dropped, and (b) there had not been a sufficlent evidential basis to bring
the theft charge.
(2) If the advice received is that such a conviction could be undermined In those
circumstances, I will ask counsel to review the prosecution file in the cases
concerned to establish whether, applying the facts and law applicable at the
relevant time, there was a sufficient evidential basis to conclude that a
conviction for theft was a realistic prospect such that the charge was
properly brought.
51
UKG100048174
UKG100048174
ii) Horizon
Post Office recognises that in a system of the ago, size and complexity of Horizon, it was
unremarkable that occasional bugs, errors or glitches were uncovered and addressed. A
limited number of specific problems with the potential to affect branch accounts were
brought to the attention of Second Sight during the course of thelr wark, together with
details of the way in which the Post Office had addressed these matters. It is apparent
that these bugs were capable of having a generic impact (i.e. of affecting all users of the
Horizan system and not only those who had ralsed complaints about them). However, no
evidence has emerged to suggest that a technical fault in Horlzon resulted In a
postmaster wrongly being held responsible for a loss. In the cantext of this review
exercise, I have concluded that there Is no basis on which to recommend further action
in relation to these known, specific, errors,
Nevertheless, the review repart suggested that consideration should be given to whether
it would be possible, by analysis of the transaction logs of sub-postmasters who made
complaints, to determine more comprehensively whether or not the matters complained
of by each sub-postmaster could show the existence of some other, generic, bug within
the system. Work Is now underway to assess if such testing is possible, and If so, to
scope the wark that would need to be done.
Further work is also underway to address suggestions that branch accounts might have
been remotely altered without complainants’ knowledge. In particular the security
controls governing access to the digitally sealed electronic audit store of branch accounts
over the life of the Horizon system, will be reviewed,
iii) Training and Support
A consistent theme of the complaints against the Post Office Is the allegation that sub-
postmasters were provided with Insufficient training to operate the system effectively
and/or did not recelve an appropriate level of support while in post.
A number of factors, including the lack of specificlty in the allegations made and the
relative paucity of avallable traning records, made It very difficult for the review to
determine the merits of these complaints.
T have concluded that these issues have already beon addressed as comprehensively as
Is reasonably possible by both the Post Office and by Second Sight through their
Investigations of all complainants’ cases. However, I am taking forward one further line
of enquiry in relation to the very limited number of cases where specific allegations were
macle of misleading advice being provided by the Post Office’s helplines.
lv) Investigation of Cases
The review also looked at the Post Office's investigations of the complaints as part of the
Mediation Scheme process. It has concluded that the investigations were detailed and
thorough, and left no more than very limited gaps which might now reasonably be filled
by further work. There is only one further accounting exercise recommended by the
review team, which consists of an examination of the extent of any relationship between
unmatched balances in the Post Office's general suspense account and branch
discrepancies, and Independent experts have been instructed to underlake this
examination.
52
UKG100048174
UKG100048174
Next steps
1 have commissioned independent persons to undertake the necessary work, T am
satisfied that they meet the standards of expertise and independence appropriate to the
tasks.
1 do, of course, share your alrn that matters should be drawn to a conclusion as soon as
possible consistent with the need for the work that remains to be done lo a high
standard. 1 hope you will understand that, particularly in relation to the further testing of
the Horizon system, this work may take some time. I anticipate that I will be ina
positfon to report back on the outcome of this further work during May.
I firmly believe that the focus and scope of my review to date, together with the further
work which I have now commissioned, will at that time allow me to confirm that the
processes designed and Implemented by Post Office Limited to understand, investigate
and resolve those camplaints were reasonable and appropriate, and that there are no
further enquiries which need to be undertaken into this nratter, whether by Post Office
Limited or, Indeed, by anyone else.
Finally, may [ mention lwo other matters? First, and as I have noted above, a number of
sub-postmasters have made applications to the Criminal Cases Review Commission for
the circumstances of their convictions to be looked Inte with a view lo these cases being
brought back to the Court of Appeal. That work is on-going and the Post Office continues
to co-operate fully in the process, Second, the Justice for Sub-postmasters Alliance is
reported to have received funding to instigate civil proceedings against the Past Office.
However, at the time of writing, no claim has been Issued, nor has any letter of claim
been received.
T hope that the above sets out mattors satisfactorily, If you would like to discuss the
review report with me, T would be happy to do so,
Tim Parker
53
UKG100048174
UKG100048174
UKG100048174
UKG100048174
ANNEX 4 - Letter from Sarah Munby to Tim Parker dated 7 October 2020
Sarah Munby
Permanent Secretary
Department for Department for Business, Energy &
Business, Energy Industrial Strategy
& Industrial Strategy 1 Victoria Street
London
Tim Parker SW1H OET
Post Office Limited T
Finsbury Dials E
20 Finsbury Street, SN Ques
London W wavw.gov.uk
EC2Y 9AQ
7" October 2020
Dear Tim,
Post Office
As part of our preparation for the BEIS Select Committee hearing which had been scheduled
for March, we received from Post Office Ltd (POL) 4 copy of the report prepared by
Jonathan Swift QC that was commissioned by you at Baroness Neville-Rolfe’s request after
your appointment as Chair in 2015. We understand from the work done recently by the
company and its advisers to look at the history of Horizon that the findings and
recommendations by Jonathan Swift QC were not shared with the rest of the Post Office
Board.
We understand that you were advised at the time by the Post Office’s General Counsel that
for reasons of confidentiality and preserving legal privilege the circulation of the report
should be strictly controlled. Nevertheless, given the background of parliamentary interest,
the fact that your review was commissioned by the Minister responsible for the Post Office
and the potential significance of the recommendations made by Jonathan Swift QC, we
consider it was an mistake not to have ensured that the whole board had an opportunity to
see and discuss the detail of its findings and agree what any next steps should be. With
hindsight, this information should have been seen by the board and we are disappointed
that it wasn't.
Asa rule, we think it is quite difficult to envisage any circumstances where issues of legal
privilege or confidentiality should prevent relevant information being shared with a
company’s board. You won't need us to remind you of the importance of effective
corporate governance and that the role of the board is to ensure the company’s prosperity
by collectively directing the company’s affairs, while meeting the appropriate interests of its
shareholders and relevant stakeholders.
54
Finally, we also recognise that while you have been Chair and under Nick Read’s new
leadership, the Board has instigated and directed a fundamentally different approach to
handling the grievances brought by postmasters affected by Horizon as well as initiating
significant changes to the organisation, processes and culture of the organisation. These
changes are to be welcomed and we continue to encourage the company to act quickly and
decisively to do what it can to remedy the remaining issues arising from the Horizon cases
as well implementing the changes needed to ensure that such issues never arise again.
Thank you for everything you are doing to make this happen and for your support in driving
forward the new direction for the Post Office.
Best wishes,
Sarah Munby
Permanent Secretary for Business, Energy & Industrial Strategy
55
UKG100048174
UKGI00048174