WITN11110200
WITN11110200
Witness name: Jonathan Hill
Statement No: WITN11110200
Dated: 22"4 March 2024
POST OFFICE HORIZON IT INQUIRY
Second Witness Statement of Jonathan Hill
on behalf of Post Office Limited in the Post Office Horizon IT Inquiry
1. I, Jonathan Hill, of 100 Wood Street, London, EC2V 7ER, say as follows:
A. Introduction
2. I am Jonathan Hill, Compliance Director at Post Office Limited (“Post Office” or
"POL"). I joined Post Office in 2004 as a senior manager in the team looking after
bill payments and commercial cash in transit. Around 2007 I became Head of
Personal Financial Services, liaising with our joint venture company with the Bank
of Ireland, Post Office Financial Services (“POFS”). In 2012 I was appointed the
Head of Financial Services (“FS”) Risk, Compliance, Strategy & Planning. In 2017
I became the Head of Risk & Regulation, FS & Telecoms. In 2018 I was appointed
as Compliance Director. This is my Second Witness Statement to the Inquiry
(“Second Witness Statement”). Whilst not having been employed by the Company
during the whole period in question (the “Relevant Period” — which I understand
Page 1 of 16
WITN11110200
WITN11110200
covers mid-1996 to June 2021), I feel that in my role as Compliance Director and
taking into account my previous roles, I am equipped with the professional
experience required in order to have acquainted myself with the regulatory
oversight of Post Office during the Relevant Period and so subject to any caveats
highlighted herein, I am the appropriate person to give this Statement on behalf of
Post Office.
. This Statement has been prepared following an extension of time granted on 1%
March 2024 in response to a request made by the Post Office Horizon IT Inquiry
(the "Inquiry”) pursuant to Rule 9 of the Inquiry Rules 2006, dated 16" February
2024 ("Request No. 51"). Request No. 51 asks for an explanation of “the regulatory
oversight of Post Office Limited (and any relevant predecessors) during the
relevant period (as defined in the list of issues), in respect of matters relevant to
the Inquiry’s terms of reference” and includes the following:
a. A high-level overview of the regulatory role the Financial Conduct Authority
(“FCA”) (and any relevant predecessors) played in relation to POL in respect
of matters relevant to the Inquiry’s terms of reference;
b. Whether POL is/was subject to the FCA’s Senior Managers regime;
c. Whether POL is/was regarded as either a bank or building society by the
FCA; and
d. Whether any other regulators played a role in relation to POL in respect of
matters relevant to the Inquiry’s terms of reference, and if so, a high-level
overview of that role.
Page 2 of 16
WITN11110200
WITN11110200
4. An earlier Witness Statement provided by me dated 1** March 2024 addressed
parts (a) to (c) of Request No. 51 (“First Witness Statement”). This Second
Witness Statement addresses part (d) of Request No. 51.
5. I have aimed to include within this Second Witness Statement evidence relating
to all matters or issues detailed in part (d) of Request No. 51 insofar as the relevant
facts are within my own knowledge. The facts in this Second Witness Statement
are true, complete and accurate to the best of my knowledge and belief. Where
my knowledge and belief, as set out in this Second Witness Statement, has been
informed by another person or by documents that I have reviewed, I acknowledge
that person or those documents. I have been assisted in preparing this Second
Witness Statement by Burges Salmon LLP and Fieldfisher LLP (together "BSFf"),
who act on behalf of Post Office in the Inquiry. I have had online meetings with
BSFFf to assist my preparation of this Second Witness Statement.
B. Approach
6. It is my understanding that there is not a generally applicable definition at law of a
‘regulator’. Commonly it covers an independent public body or person with the
function of supervising and/or setting rules for an industry, or specific activity or
organisation(s). The setting of rules and supervision are wide concepts.
7. Post Office has used the above understanding in drawing up a list of regulators,
or bodies that might be regarded as regulators, who may have ‘played a role in
relation to POL in respect of matters relevant to the Inquiry’s terms of reference.”
Page 3 of 16
WITN11110200
WITN11110200
8. The list is provided to the best of my knowledge and belief, having been drawn up
with the assistance of colleagues at Post Office following engagement with
individuals within various business units. Post Office does not have a complete
corporate memory over the entire Relevant Period as a result of staff changes and
the ownership changes which led to some documents being retained by Royal
Mail Group. As a result of this, and although best efforts have been used to identify
potential regulators, there may be gaps in the list.
9. In order to identify the role that each regulator may have played, I liaised with
colleagues, and I understand that searches have been run, and the results
reviewed, by BSFf over potentially relevant repositories of data for regulators’
names to identify potential instances where regulatory involvement or oversight
may have taken place.
(a) Department of Business and Trade (“DBT”) (and predecessor
departments)
(i) The role of DBT is not addressed in this statement on the basis that Post
Office does not consider that DBT is properly described as a regulator, and
it does not, therefore, fall within the scope of Request No. 51. The Inquiry’s
attention is drawn to other Post Office responses, in particular its responses
to Requests 49 and 50 pursuant to Rule 9 of the Inquiry Rules 2006, where
I am informed that the oversight of Post Office by DBT (and predecessor
departments) is discussed in more detail.
Page 4 of 16
WITN11110200
WITN11110200
(b) Competition and Markets Authority (“CMA”)
(i) The CMA promotes competitive markets and tackles unfair behaviour. For
example, this included the CMA investigating and clearing the anticipated
acquisition by Post Office of the bill payments systems business of Payzone
UK Limited. Post Office takes the view, however, that the CMA did not play
a role in respect of the matters under investigation by this Inquiry as outlined
in the terms of reference and/or completed list of issues and hence, I do not
address further the role of the CMA in this Second Witness Statement.
(c) HM Revenue & Customs
(i) HMRC is one of 28 supervisors under the Money Laundering Regulations
and is responsible for regulating money service businesses pursuant to the
Money Laundering, Terrorist Financing and Transfer of Funds (Information
on the Payer) Regulations 2017. Post Office is therefore directly regulated
by HMRC with respect to its branch on-demand and pre-order Travel Money
services. The regulations place obligations on Post Office to have risk-
based systems and policies in place to prevent its services from being used
for money laundering and terrorist financing.
(ii) As a ‘Large Trader,’ Post Office has regular face to face meetings with its
designated Economic Crime Supervision Compliance Officer to discuss any
changes to HMRC guidance or the relevant laws and to discuss any
potential changes to the way Post Office manages or provides its directly
regulated products.
Page 5 of 16
WITN11110200
WITN11110200
(iii) From time to time, HMRC may check Post Office compliance with the
regulations via branch visits or office-based meetings, looking at Post
Office’s anti-money laundering risk assessment of its customers, products
and services, and the associated policies, controls, training and procedures.
HMRC has the right to access all the records and paperwork relating to the
branch Travel Money business and may also undertake checks to ensure
that the right employees and officers of the business have undertaken their
‘fit & proper’ test'. As far as I am aware, the last full HMRC Anti-Money
Laundering Supervision Compliance Audit of Post Office was undertaken in
2016-17.
(iv) Post Office has submitted statutorily required tax returns during the period
to HMRC, making payments of tax, where due. The tax returns will have
been subject to varying degrees of scrutiny by HMRC over the period, with
regular communication between the parties. Post Office has been registered
for VAT, Corporation Tax, and Employment Duties (covering PAYE and
NICs) and at times will have interacted with other relevant, non-mainstream
tax regimes.
1 HMRC approves Post Office employees pursuant to a ‘fit and proper’ test (currently believed to be approximately
60 employees), whilst Post Office checks Postmasters. Whilst a person’s skills and experience to act in a given
role is considered as part of the test, the ‘fit and proper’ test does not specifically test whether the business itself is
professionally run or operated
Page 6 of 16
WITN11110200
WITN11110200
(v) It is standard practice for a taxpayer to inform HMRC if they commence
using a new system which records information which will form part of its
statutory returns. Horizon does feed through to the Post Office’s VAT
returns. I would therefore expect HMRC to have been both informed and to
have asked questions and possibly carried out some checking when
Horizon was introduced (and periodically thereafter). It is my understanding
that HMRC has a pool of more specialist computer systems officers who
would have carried out this work. However, I have no records to show
whether any of this occurred. I am also unaware as to whether there was
any engagement with HMRC in relation to any of the Inquiry’s list of issues
during the Relevant Period.
(vi)In relation to taxation, it is my understanding that HMRC did hold general
update meetings with Post Office, as well as periodic inspections.
(vii) Further, in relation to taxation, it is noted that HMRC was formed in
2005 by combining Inland Revenue and HM Customs & Excise. These
departments both regulated Post Office during the Relevant Period prior to
their merger.
(viii) Post Office also engages with HMRC in relation to employment and
payroll related issues.
(d) National Audit Office (“NAO”)
(i) The NAO is the UK’s independent public spending watchdog, supporting
Parliament in holding the government to account. It is my understanding that
Page 7 of 16
WITN11110200
WITN11110200
Post Office’s operational independence means that the NAO does not as a
matter of practice audit the Post Office. The NAO may, however, have
touched on Post Office as a result of its work in auditing public bodies. Post
Office does not consider that the NAO is relevant for the purposes of
Request No. 51.
(e) The Office of Communications (“Ofcom”)
(i) Before its responsibilities passed to Ofcom in 2011, the Postal Services
Commission (“Postcomm’) was the regulator of the mail industry. Ofcom is
the regulator for communications services, which include the ‘universal
postal service obligation’ (“USO”). This concerns Royal Mail (including, for
example, the requirement to deliver and collect letters six days a week, and
parcels five days a week, at an affordable and uniform price throughout the
UK), with Post Office providing the services required to fulfil the USO
through contractual arrangements with Royal Mail. The branch activities of
Post Office are not therefore regulated by Ofcom and were not previously
regulated by Postcomm, as Post Office was not a postal operator under the
Postal Services Act 2000 and is not a postal operator under Postal Services
Act 2011 in respect of Post Office branch activities.
(ii) Between 2007 and 2021, Post Office owned a telecommunications business
offering broadband and home phone services to customers. During this
period of ownership, it is my understanding that Postcomm and Ofcom had
regulatory oversight of that part of Post Office’s business. All management
Page 8 of 16
WITN11110200
WITN11110200
involved in Post Office’s telecommunications business moved with its sale
to Shell Energy Retail Ltd in March 2021. Other than my limited involvement
as Compliance Director at the time, I have been unable to identify any
corporate knowledge remaining at Post Office to inform me as to the extent
of any regulatory oversight. However, given my understanding of the nature
of the telecoms business, it is my belief that this is in any event not relevant
to the matters under investigation by this Inquiry as outlined in the terms of
reference and/or completed list of issues.
(f) Civil Aviation Authority (“CAA”)
(i) The CAA is not regarded as being relevant to Post Office for the purposes
of Request No. 51. Moreover, Post Office is not directly regulated by the
CAA, in that the most likely relevant CAA regulated transaction - Dangerous
Goods — is performed by POL acting as an agent for Royal Mail, with Post
Office taking direction in its product design from Royal Mail under a
commercial agreement (the Mails Distribution I Agreement).
(g) Advertising Standards Agency (“ASA”)
(i) The ASA is the UK's regulator of advertising. The ASA is not regarded as
being relevant to Post Office for the purposes of Request No. 51.
(h) Equality & Human Rights Commission (“EHRC”)
(i) The EHRC was established by the Equality Act 2006 and has responsibility
for the promotion and enforcement of equality and non-discrimination laws
Page 9 of 16
WITN11110200
WITN11110200
in England, Scotland and Wales. Post Office must operate in accordance
with the requirements of the Equality Act. Notwithstanding my internal
enquiries and the searches undertaken, I have not been able to identify any
occasions when the EHRC acting as regulator played a role with Post Office
during the Relevant Period. As such, it is not regarded as being relevant for
the purposes of Request No. 51.
(i) Gangmasters & Labour Abuse Authority (“GLAA”)
(i) The GLAA’s licensing scheme regulates businesses who provide workers
to the fresh produce supply chain and horticulture industry, to make sure
they meet the employment standards required by law. This is not regarded
as being relevant for the purposes of Request No. 51.
(i) Environment Agency (“EA”)
(i) The EA works with businesses to help them comply with environmental
regulations. The EA is not regarded as being relevant to Post Office for the
purposes of Request No. 51.
(k) Health & Safety Executive (“HSE”)
(i) The HSE is the national regulator for workplace health and safety. Whilst
Post Office must therefore have regard to HSE requirements and oversight,
it is not regarded as being relevant for the purposes of Request No. 51.
(l) Office of Financial Sanctions Implementation (“OFSI”)
Page 10 of 16
WITN11110200
WITN11110200
(i) OFSI is part of HM Treasury and helps to ensure that financial sanctions are
properly understood, implemented and enforced in the UK. It is not regarded
as being relevant for the purposes of Request No. 51.
(m)Payment Systems Regulator (“PSR”)
(i) It is my understanding that the PSR has had no regulatory role over the Post
Office since its formation (2015). I refer to my First Witness Statement.
(n) Prudential Regulation Authority (“PRA”)
(i) Prudential regulation rules require financial firms to hold sufficient capital
and have adequate risk controls in place. The PRA regulates banks and
insurers. Post Office has never been regulated by the PRA. I refer to my
First Witness Statement.
(0) The Pensions Regulator (“TPR”)
(i) TPR is the UK regulator of workplace pension schemes, ensuring that
employers put their staff into a pension scheme and pay money into it, as
well as making sure that workplace pension schemes are run properly. TPR
is not regarded as being relevant to Post Office for the purposes of Request
No. 51.
(p) Security Industry Authority (“SIA”)
(i) The SIA is not seen as being responsive to Request No. 51, in that it is my
understanding that it had no oversight of Post Office investigators. The SIA
Page 11 of 16
WITN11110200
WITN11110200
also oversees cash in transit operations, which is a service provided by Post
Office, but this is not regarded as being relevant to the terms of reference
and/or completed list of issues.
(q) National Crime Agency (“NCA”)
(i) Whilst Post Office collaborates with the NCA, particularly on anti-money
laundering initiatives (for example, as a member of the Joint Money
Laundering Intelligence Task Force since its creation in 2015), the NCA is
not seen as being relevant to the terms of reference and/or completed list
of issues.
(r) Investigatory Powers Commissioner's Office (“IPCO”)
(i) The IPCO independently authorises and oversees the use of investigatory
powers by public authorities, ensuring they are used in accordance with the
law and in the public interest. The Office of Surveillance Commissioners
(“OSC”) was replaced by the IPCO in 2017, with the OSC having overseen
the conduct of covert surveillance and covert human intelligence sources by
public authorities in accordance with the Police Act 1997 and the Regulation
of Investigatory Powers Act 2000 (RIPA). It is my understanding that neither
the IPCO nor the OSC had oversight of Post Office during the Relevant
Period.
Page 12 of 16
WITN11110200
WITN11110200
(s) Gambling Commission (“GC”)
(i) The GC licenses, regulates, advises and provides guidance to the
individuals and businesses that offer gambling in Great Britain, including the
National Lottery in the UK. Whilst Camelot were regulated by the GC in
respect of its relationship with Post Office, it is my understanding that Post
Office was not regulated by GC during the Relevant Period.
(t) Solicitors Regulation Authority (“SRA”)
(i) The SRA regulates solicitors in England and Wales. Post Office itself is not
regulated by the SRA, but the solicitors it employs are, who are individually
responsible for ensuring they meet their professional and ethical obligations,
including as they relate to the Inquiry’s terms of reference. Any oversight or
involvement by the SRA during the Relevant Period in relation to a particular
individual is outside of the scope of this Request No. 51.
(u) Bar Standards Board (“BSB”)
(i) The BSB regulates barristers and specialised legal services businesses in
England and Wales. Post Office itself is not regulated by the BSB, but the
barristers it employs are, who are individually responsible for ensuring they
meet their professional and ethical obligations, including as they relate to
the Inquiry’s terms of reference. Any oversight or involvement by the BSB
during the Relevant Period in relation to a particular individual is outside of
the scope of this Request No. 51.
Page 13 of 16
WITN11110200
WITN11110200
(v) Chartered Institute of Internal Auditors (“CIIA”)
(i) The CIIA is the professional association for internal auditors in the UK and
Ireland. The CIIA represents the profession of internal auditing and delivers
services to internal auditors. As such, this is not regarded as being
responsive to Request No. 51.
(w) Phone-paid Services Authority (“PSA”)
(i) The Phone-paid Services Authority is appointed by Ofcom as the UK
regulator for premium-rate services, those being content, goods and
services that can be bought by charging the cost to a phone bill or pre-pay
account.
(ii) Between 2007 and 2021, when Post Office owned its telecommunications
business, it is my understanding that the PSA had regulatory oversight of
that part of Post Office’s business. All management involved in Post Office’s
telecommunications business moved with its sale to Shell Energy Retail Ltd
in March 2021. Other than my limited involvement as Compliance Director
at the time, I have been unable to identify any corporate knowledge
remaining at Post Office to inform me as to the extent of any regulatory
oversight. However, given my understanding of the nature of the telecoms
business, it is my belief that it is not relevant to the matters under
investigation by this Inquiry as outlined in the terms of reference and/or
completed list of issues.
Page 14 of 16
WITN11110200
WITN11110200
C. Key Regulators
10.In accordance with the Inquiry’s clarification that this Second Witness Statement
should only focus on “those [regulators] which POL considers to be ‘key’ to matters
relevant to the Inquiry” and noting that the “regulators that POL considers to be
key is a matter for POL,” it is my understanding and belief that there is one
regulator that played a ‘key’ role in the regulation of POL in matters that are
relevant to the Inquiry:
(a) Information Commissioner’s Office (“ICO”)
(i) The ICO is the independent supervisory authority for data protection in the
UK. It enforces and oversees the Freedom of Information Act (“FOIA”), the
Environmental Information Regulations, the Data Protection Act (“DPA”)
and the Privacy and Electronic Communications Regulations, all of which
Post Office is subject to.
(ii) As for any organisation that is subject to these Acts, the ICO has the ability
to conduct investigations, use assessment notices, issue warnings,
reprimands, enforcement notices and penalty notices or fines. Where it is a
serious breach, the ICO can issue a fine of up to £17.5 million or 4% of
global turnover.
(iii) Post Office has two direct ‘relationship’ contacts within the ICO; one for the
DPA and one for FOIA. Post Office teams meet with these contacts
regularly and exchange information relating to any ongoing complaints that
Page 15 of 16
WITN11110200
WITN11110200
may have been raised by individuals to the ICO. This has included
complaints to the ICO by postmasters.
Statement of Truth
I believe the content of this statement to be true.
Dated: 22"4 March 2024
Page 16 of 16