WITN11240100
WITN11240100
Witness name: Douglas George Evans
Statement No: WITN11240100
Dated: 7 November 2024
POST OFFICE HORIZON IT INQUIRY
FIRST WITNESS STATEMENT OF DOUGLAS GEORGE EVANS
I, Douglas George Evans, will say as follows:
1 My name is Douglas George Evans. I was employed by Royal Mail Group
("RMG") as General Counsel from June 2006 to December 2010.
2 This witness statement has been prepared in response to a letter from the Post
Office Horizon IT Inquiry (the "Inquiry") dated 1 October 2024, requesting a
witness statement pursuant to Rule 9 of the Inquiry Rules 2006 (the 'Rule 9
Request"). In this witness statement, I address the questions set out in the
Appendix to the Rule 9 Request.
3 The Rule 9 Request refers at various points to my role at "POL/RMG", or to
my role at "POL". To avoid misunderstanding, I was never employed by Post
Office Ltd ("POL"), nor did I sit on POL’s Management Board. I have therefore
answered the questions contained in the Appendix to the Rule 9 Request as if
they referred solely to my role at RMG.
Page 1 of 37
WITN11240100
WITN11240100
4 Unless otherwise stated, the facts and matters contained in this witness
statement are within my own knowledge and belief. Where any information is
not within my personal knowledge, I have identified the source of my
information or the basis for my belief. The facts in this witness statement are
true to the best of my knowledge and belief. I confirm that I have been assisted
by Stephenson Harwood LLP in the drafting of this witness statement.
GENERAL COMMENTS
5 In this statement I refer to questions I have been asked in the Rule 9 Request,
some of which are very specific. I also refer to documents that have been
provided to me via the Inquiry which the Inquiry have asked me to consider
and on which the Inquiry has asked me to provide certain comments. The
structure of and topics within this statement reflect the areas I have been asked
to address by the Inquiry.
6 The events and documents to which this statement relate took place between
14 and 18 years ago. In the time since I received the Rule 9 Request, I have
sought to recollect the matters included in the Rule 9 Request to the best of
my ability, but inevitably there are certain matters I cannot recall and others
where I am unable to recall the events in detail. In this statement, I indicate the
matters which I cannot recall and those where I have some recollection.
7 As to the documents with which I have been provided, I have indicated whether
I recall the document or the event(s) to which it relates, as well as whether, if I
do not now have any recollection of the document or event(s), the document
has refreshed my memory in any way.
Page 2 of 37
WITN11240100
WITN11240100
8 Before I seek to address each of the questions raised in the Rule 9 Request, I
would like to note how shocked I have been to learn of the matters which have
emerged in the Inquiry. I would have never imagined at the time I left RMG
that I would be writing this witness statement about the events that are now
known to have occurred. Given the importance of the issues being considered
by the Inquiry, in the short period since receiving the Rule 9 Request, I have
spent considerable time trying to recollect matters by reference to my memory
and the documents provided to seek to assist the Inquiry where I am able to
do so.
BACKGROUND
Qualifications and experience
9 I hold a Bachelor of Arts degree and a Bachelor of Laws degree from Rhodes
University, South Africa, as well as a Higher Diploma in Tax Law from the
University of the Witwatersrand, South Africa.
10 I am a registered lawyer in Zimbabwe (where I was born and raised), having
been admitted on 15 December 1985. I subsequently completed my Articles
of Clerkship at Webber Wentzel, a firm based in South Africa, from January
1986 to December 1987.
1 From 1988 to 1993 I worked in private practice. My experience was broad and
international, focussing on corporate work (in particular, listings, mergers and
acquisitions, and complex corporate transactions).
Page 3 of 37
WITN11240100
WITN11240100
12 From 1993 I worked as an in-house lawyer. Initially, I worked for Engen Limited
(formerly Mobil Oil in South Africa, "Engen"), first as an in-house lawyer in
London and later as Company Secretary in Cape Town, before moving to
London and joining Exel plc ("Exel") in January 2000. I was appointed Group
Company Secretary and Corporate Legal Director of Exel in 2001. Engen and
Exel were both listed companies.
13 I have been asked to describe what criminal law and civil litigation experience
I had before I joined RMG. Save for some pro bono advisory work which I
undertook as a law student and Articled Clerk whilst in South Africa, I had no
criminal law experience. I had involvement in some civil litigation (contract
disputes and employment disputes) while at Exel. However, I did not consider
myself at any time during my career to be a criminal or civil litigator. My legal
expertise is and was in corporate and governance areas.
Royal Mail
14 I joined RMG as General Counsel on 19 June 2006, reporting directly to the
Chief Executive Officer ("CEO"), Adam Crozier. I held this role until I left RMG
on 30 December 2010.
15 As part of the appointment process for this role, I attended a number of
separate interviews with individuals from RMG and Royal Mail Holdings
("RMH"). During this process, it was made clear that RMG was looking for a
General Counsel with the relevant experience and knowledge necessary to
* Engen was listed on the Johannesburg Stock Exchange until its takeover in December 1998. Exel was a FTSE 100 company listed on
the London Stock Exchange until its acquisition in December 2005.
Page 4 of 37
WITN11240100
WITN11240100
prepare for the planned (at that time) privatisation of RMG and to be able to
apply the corporate governance standards of a listed company. My corporate
law and governance background meant that I was well placed to fulfil that role.
Resignation
16 I have been asked to explain the reasons, background and timing behind my
departure from RMG.
17 I left RMG on 30 December 2010. My main reason for leaving RMG was that I
wanted to return to a UK listed company environment and take up a combined
General Counsel and Company Secretary role. At the time I handed in my
notice, it was unclear what the new coalition Government's plans and timing
were for the privatisation of RMG. In addition, the continued reduction in in-
house lawyer resources in RMG's legal function, and related budget
constraints on in-house and external legal costs were also a factor in my
decision to leave RMG. Further, whilst I was immensely proud to serve as
RMG's General Counsel for four and a half years, it was the most demanding
and challenging role of my career, and I felt that it was the right time for a
change.
18 After leaving RMG, I joined Mitchells & Butlers plc from January 2011 before
moving to Hays plc in February 2013, both in combined General Counsel and
Company Secretary roles. I retired at the end of August 2024.
RMG GROUP STRUCTURE AND GOVERNANCE
Corporate group structure and governance
Page 5 of 37
19
20
21
22
WITN11240100
WITN11240100
During my tenure, RMH was the holding company which owned 100% of RMG,
the operating company known colloquially as the 'Letters business'. POL was
a subsidiary of RMG known colloquially as the ‘Counters business’. In this
statement, I refer to RMH, RMG, POL and any other subsidiaries as the
"Group".
I recall being aware at the time I joined RMG that the intention was to split
RMG from POL. That split took place after I had left RMG.
The Royal Mail Board sat at the RMH level (the "Board"). I was not a member
of the Board, although I did attend certain Board meetings for specific agenda
items as required. As noted, the CEO of RMH when I joined was Mr Crozier,
later followed by Sir Donald Brydon on an interim basis as Executive Chair and
then Dame Moya Green when she joined RMG in July 2010.
The CEO of RMH set up the Group Executive Team (the "GET"), which was
an advisory body created to advise the CEO of RMH and which the CEO
chaired. The GET was not a formal committee of the Board but I do recall that
the Minutes of the GET were sent to the Board. I was a member of the GET
from 2008. Other members included (at various times) the Company
Secretary, POL’s Chief Executive, the Group Finance Director, the Head of
RMG’s Letters business, the Group Head of Human Resources, the Group
Chief Information Officer, the Group Head of Corporate Communications, the
Head of Parcelforce, the Group Head of Marketing and the Head of the
Wholesale Business.
Page 6 of 37
WITN11240100
WITN11240100
23 The GET had committees which reported to it, including the Corporate Risk
Management Committee and the Investment Committee. These were
committees of the GET and were not committees of the Board. The Minutes of
the Corporate Risk Management Committee went to both the GET and to the
Audit and Risk Committee for noting. I believe the Minutes of the Investment
Committee went to the GET for noting.
24 The formal committees of the Board, as would be typical for a UK listed
company, were the Audit and Risk Committee, the Remuneration Committee
and the Nomination Committee, which had only non-executive directors as
members. Management would attend these committees as required. The
Minutes of these committees routinely went to the Board for noting.
Audit and Risk
25 The Internal Audit and Risk Management function ("IA&RM") conducted all
RMG and POL audits. I do not recall that POL had its own audit function at the
time I was General Counsel. The Head of IA&RM reported to the Group
Finance Director and had direct access to the Chair of the Audit and Risk
Committee as required and as would be usual for this role.
Security team
26 Both RMG and POL had security teams, which were tasked with looking after
the security of RMG's and POL's premises, vehicles, equipment etc. As far as
I can recall, POL's Security team was responsible for all criminal investigations
in relation to prosecutions on behalf of POL.
Page 7 of 37
WITN11240100
WITN11240100
27 Again, so far as I can recall, all members of POL's Security team reported to a
Head of Security in POL. Together with others in the security function, the
Head of Security within POL reported to the Group Head of Security on a
functional basis (Tony Marsh during my tenure). The Group Head of Security
in turn reported to the Company Secretary (Jonathan Evans when I joined, and
when Mr. Evans retired, his successor Jon Millidge).
ROLE AND RESPONSIBILITIES
28 As General Counsel of RMG, I had responsibility for leading the provision of
legal services to all businesses in RMG using both in-house and external
lawyers. I was a member of the GET, the Corporate Risk Management
Committee, and the Investment Committee. I also attended meetings of RMH's
Audit and Risk Committee and ad-hoc RMH Board Meetings for specific
agenda items.
29 Along with day-to-day legal matters, I led on the legal aspects of a number of
large, complex and strategic projects such as the negotiation of funding
packages from the Government, responding to threatened or actual strike
action, contributing to draft legislation and independent reviews, the
restructure of MG's pension fund, outsourcing, automation and
modernisation projects, regulatory and competition issues, complaints relating
to RMG's postal service licence from the Postal Services Commission
("PostComm"), RMH's going concern determinations and (from early 2010)
the separation of RMG and POL. My skill set and experience, as set out in
paragraphs 11 to 13, was aligned to overseeing these complex projects.
Page 8 of 37
30
31
32
WITN11240100
WITN11240100
I had ten direct reports by the time I left RMG. As discussed further at
paragraph 37 below, each head of the eight specialist teams within the legal
function reported to me. RMG's Head of Compliance, whose role was focussed
on compliance with RMG's licence from PostComm, also reported to me. On
taking on the RMG data protection responsibilities (as discussed further at
paragraph 32), RMG's Head of Data Protection also reported to me.
I met with all my direct reports roughly once a month. The time and interaction
I had with each team differed. The meetings would comprise an explanation
by me of matters taking place at the RMG strategic level and current trading
performance, as well as a discussion of administrative matters such as
retention, recruitment, capacity and resources. In addition, we would, as
necessary, discuss any projects (such as those listed at paragraph 29) on
which I was focussed at any given time and with which in-house lawyers were
supporting me. Inevitably, each discussion would be tailored to the team, their
work and needs, and my involvement with the head of that team or members
of that team on specific projects (such as those mentioned in paragraph 29). I
was available to discuss matters as the head of the relevant team felt
necessary, but they were the subject matter experts in their specialist area so
my specific case/transaction input was limited.
I have been asked to set out the other jobs, roles and directorships I held
during my time at RMG. Initially, the intention was that I would take on the roles
of both General Counsel and Company Secretary. However, the workload as
General Counsel alone was so significant that I did not take on the additional
Page 9 of 37
WITN11240100
WITN11240100
Company Secretary role. I did, though, assume responsibilities for Data
Protection Act and Freedom of Information Act-related matters in 2008, and
was also appointed a Trustee of two Royal Mail pension-related entities from
March 2008. I have been asked about the interview process for these
additional roles; there was no interview process. Aside from these, I do not
recall holding any other jobs, roles or directorships during my time at RMG.
LEGAL DEPARTMENTS
Organisational and management structure
33 I have been asked to set out the organisational and management structure of
the legal departments of both RMG and POL.
34 For the duration of my tenure at RMG, POL did not have its own legal function.
Whilst there was a legal team dedicated to Post Office matters, (as discussed
further below), this team sat within the RMG organisational structure.
35 As far as I can recall, all members of the legal function (the "Legal Team")
were employed by RMG. I recall that the one exception to this was Susan
Crichton who joined in 2010. Ms Crichton was brought in with the intention that
she would become the General Counsel of POL post-separation and, so as far
as I can recall, was employed by POL.
36 When I joined RMG, the Legal Team was made up of loose teams. I codified
this structure into eight specialist teams with an appointed 'head of team' for
each. The eight specialist teams were: Competition, Regulation and
Wholesale; Criminal Law; Dispute Resolution; Employment and Pensions;
Page 10 of 37
WITN11240100
WITN11240100
Intellectual Property and Information Technology; Royal Mail Letters; Post
Office; and Property.
37 Each of the 'heads' of the eight specialist teams reported to me as General
Counsel. This included the Head of the Post Office team, who additionally
reported to the Managing Director of POL (Alan Cook at the time I joined, later
David Smith) in a 'matrix' structure. In turn, as noted above, I reported to the
CEO.
Locations
38 The Legal Team was based at RMG's head office (which was originally in Old
Street, London before being moved to Blackfriars, London in 2008) with the
exception of the Criminal Law team and the Post Office team.
39 The Criminal Law team was based in offices near Victoria Station, London,
which they shared with the Security team. The Security team and the Criminal
Law team worked closely together in their work, with the Security team
producing materials from their investigations which, so far as I understood, the
Criminal Law team reviewed and advised on. I understood that the rationale
for the Criminal Law team being in a different location from the rest of the Legal
team was owing to reasons of security and confidentiality, necessary because
of the type of work the Criminal Law team (and the Security team) undertook.
40 During 2007, the Post Office team moved to POL’s headquarters in Old Street,
London. The Post Office team had a degree of autonomy which increased
Page 11 of 37
WITN11240100
WITN11240100
during my time as General Counsel. Their move to Old Street was consistent
with and supported the “semi-autonomous” nature of POL.
Work of the Legal Team
41 The Legal Team provided a full legal service to the business. The volume of
legal work, from routine high-volume matters to complex transactions and
projects, was significant.
42 As set out above, the Legal Team was organised into specialist teams and,
therefore, the work each member of the Legal Team carried out on a daily
basis reflected their specialism and the particular team they were in.
43 In addition to the day-to-day work, there were a number of strategic and
complex projects which involved a combination of external law firms working
with relevant in-house lawyers, depending on capacity. Examples of such
projects are touched on in brief outline at paragraph 29 above.
44 A decision had been taken before I joined RMG to change the model for the
provision of legal services from being provided almost entirely by the in-house
Legal Team to a hybrid model using a combination of specialist in-house
lawyers and selected external law firms organised into a panel. I understood
that such a change in approach was considered necessary to meet the
requirements of the business for quality and timely legal services, not least due
to the ever-increasing demand across all businesses. Senior managers also
expected a reduction in the cost of legal services through this change in model.
Page 12 of 37
WITN11240100
WITN11240100
45 Work had started on adopting this hybrid approach by the time I joined RMG,
but it was still a work in progress. By the time I left RMG, most of the legal
services (with certain exceptions) were provided by external panel law firms,
with the Legal Team providing oversight. The nature of the support that the
Legal Team provided therefore changed during my tenure as General
Counsel; over time, the Legal Team spent an increasing amount of time liaising
with external lawyers rather than undertaking matters themselves.
46 In addition, with cost-cutting, the size of the legal team reduced significantly.
My predecessor had re-organised the Legal Team during 2005, reducing its
size from roughly 120 in-house lawyers to around 34 in-house lawyers. At the
time I left RMG, the Legal Team comprised of roughly 20 in-house lawyers.
47 I have been asked for my view of the adequacy and competency of the Legal
Team. Whilst individual qualities differed and whilst I was not exposed to all in-
house lawyers, the Legal Team were a diverse group of talented, capable,
dedicated, and resilient lawyers with deep subject matter expertise and
experience, and a thorough understanding of the business. This was a team
under constant pressure, which they handled with skill and ability. Members of
the Legal Team were well regarded in the business, with established
relationships having been built up over the years.
Criminal Law team
48 The panel law firm approach, whereby in-house lawyers would instruct
external law firms from an RMG-chosen panel for the provision of legal
services, did not apply to the Criminal Law team. I left the use of any external
Page 13 of 37
WITN11240100
WITN11240100
legal support to the Head of the Criminal Law team, Rob Wilson. I understood
that Mr Wilson used solicitor agents and barristers for court hearings.
49 I have been asked to describe my working relationship with Jarnail Singh. Mr
Singh was a senior in-house lawyer in the Criminal Law team who reported to
Mr Wilson as the head of that team. I recall being introduced to Mr Singh by
Mr Wilson during my first visit to the Victoria office (which, as noted above, the
Criminal Law team shared with the Security team) in mid-2006. I cannot recall
having had any further contact with Mr Singh.
Privilege
50 I have been asked to set out my view at the time I joined RMG of the
circumstances in which legal professional privilege would apply to
communications between a company's in-house legal department and its other
employees and agents. Legal professional privilege is a complex area, the
application of which has changed over time, including during my time as
General Counsel at RMG. Its application would depend on a number of factors,
notably the nature of the work being undertaken by the lawyers (principally
whether the work was transactional or contentious) and the nature and extent
of the ‘client’. As one would expect, legal professional privilege was an area of
which I (and the Legal Team) was aware of at the time I was General Counsel
and we took practical steps where appropriate (including the instruction of
external counsel as necessary) to seek to preserve privilege in a way that
allowed us to continue to provide advice to our client.
Page 14 of 37
WITN11240100
WITN11240100
PROSECUTIONS
51 I have been asked to set out what I knew of RMG's and/or POL's role in
prosecuting Sub-Post Masters ("SPMs") for theft, false accounting, and/or
offences under the Fraud Act 2006 whilst I worked at RMG. I was aware that
POL conducted prosecutions of SPMs in England and Wales. In terms of
RMG's role in prosecutions, I was aware that the Criminal Law team advised
on prosecution matters but that they did not make the decision as to whether
a prosecution should be brought. In relation to the question above, as to who
was responsible for the prosecution of SPMs, I do not recall being aware at
the time who in POL made the decision as to whether or not a prosecution of
a SPM should be brought.
52 In terms of my interaction with the Criminal Law team, as with all my direct
reports I met with Mr Wilson, the Head of the Criminal Law team, roughly once
a month. Mr Wilson and I would discuss administrative matters, such as
retention, recruitment, capacity and resources, and I would update Mr Wilson
on wider RMG matters. I was not involved in individual cases and Mr Wilson's
approach was generally not to discuss individual cases with me, although I did
have a sense that the number of cases involving theft and similar offences was
relatively steady. The nature of the discussion with Mr Wilson was similar to
my meetings with my other direct reports, in which my direct reports would not
discuss individual transactions, contracts or cases with me unless they felt
there was a need for me to be aware of a matter or there were projects on
which I had some involvement. That said, in my discussions with Mr Wilson,
Page 15 of 37
53
54
55
WITN11240100
WITN11240100
save for him commenting, on one occasion, on what I now believe to be the
Misra case (as discussed further at paragraph 85 below), I cannot recall him
raising individual cases.
I have been asked to describe the steps I took to satisfy myself that POL acted
in compliance with its legal obligations in bringing prosecutions and civil
proceedings against SPMs. As described above, my experience and
background before joining RMG was corporate law based. As such, I placed
trust in Mr Wilson, the Head of the Criminal Law team, and Rebekah Mantle,
the Head of the Dispute Resolution team, to give advice to POL and RMG
relating to prosecutions and civil proceedings respectively. I regarded both
these individuals as experienced and capable.
In terms of criminal prosecutions, the main barometer I used with Mr Wilson in
our one-to-one meetings was whether court deadlines in prosecutions were
being met, and whether there had been adverse commentary from magistrates
or judges in relation to the conduct of prosecutions. In terms of my role, that
would have been a trigger for further engagement by me with Mr Wilson on
whatever issue had been identified by the magistrates or judges. I do not recall
there ever being a cause for concern in this regard.
I have been asked the extent to which I was responsible for briefing the Board
or more senior managers on prosecutions or civil litigation brought by
RMG/POL, as well as the information I would provide to the Board and
executive management teams of RMG and POL regarding criminal
prosecutions and civil litigation.
Page 16 of 37
56
57
WITN11240100
WITN11240100
In terms of prosecutions, I had no responsibility for briefing the Board or senior
managers on prosecutions brought by RMG or POL. I recall that the Group
Head of Security would draft regular security reports to be sent to the Company
Secretary (to whom he reported), into which I think Mr Wilson inputted. I
believe that these reports included high level data regarding prosecutions by
RMG and POL. I cannot now recall whether these reports had a wider
circulation. This approach to internal reporting was consistent with the practice
of reporting across the specialist teams within the Legal Team; for example,
property law matters were reported by the Head of Property, employment law
matters and related data (for example, Employment Tribunal statistics) were
reported by the Group Head of Human Resources and IP/ trademark matters
were reported by the Group Head of Marketing.
I was responsible for collating a Fines, Compensation and Material Litigation
Report. I recall that Ms Mantle, Head of Dispute Resolution and one of my
direct reports, produced a summary of any relevant material litigation
(determined by reference to a monetary threshold, the details of which I cannot
now recall), which would be combined with a relevant summary on regulatory
fines (provided by RMG’s Head of Compliance) and Quality of Service
compensation (provided by the Head of the Letters team within the Legal
Team). I would submit the report to the Audit and Risk Committee twice a year.
This report was also tabled at GET meetings for noting. I cannot recall any
specific aspects of that report at this point nor any discussions regarding such
reports. However, I do recall that a principal purpose of the report was to
Page 17 of 37
WITN11240100
WITN11240100
validate and support related provisions or contingent liabilities in RMG’s
financial statements.
AUDITS
58 I have been asked how often internal audits were conducted, my involvement
in such audits and whether in my view the frequency of the audits was
sufficient.
59 I cannot recall how often audits were conducted, save for the fact that audits
were conducted in relation to all parts of the business on a regular basis. As
noted above at paragraph 25, internal audits were carried out by IA&RM. As
General Counsel and a member of the Corporate Risk Management
Committee I had certain limited risk-related responsibilities, in particular
contributing to the review of the Group’s risk management framework. I was
not involved in internal audits and did not contribute to the audit reports, and
so cannot comment on the sufficiency of IA&RM audits. I do not, though, now
recall any discussions regarding concerns as to the frequency of audits during
my time as General Counsel.
60 I have been asked whether I was satisfied with the responses taken and
mechanisms implemented by POL/RMG in relation to audits at the time I left
RMG. I recall that the IA&RM function was well regarded by the Audit and Risk
Committee, the GET and senior management. I recall thinking that the IA&RM
Director, Derek Foster, was strong and effective.
Page 18 of 37
WITN11240100
WITN11240100
61 From a management perspective, Mr Foster would attend both GET meetings
and Audit and Risk Committee meetings on a regular basis to update members
on recent IA&RM reports and related key findings and actions. There were
mechanisms to monitor and report on IA&RM key findings and agreed actions
and the Audit and Risk Committee would take action in respect of matters
identified in audit reports. I recall that the Audit and Risk Committee had a
practice of requiring relevant managers to attend its meetings following any
IA&RM report which indicated a poor outcome in an area under review, which
helped to ensure that action was taken on a timely basis.
WHISTLEBLOWING
62 I have been asked about RMG/POL's whistleblowing policy. I cannot now recall
what RMG's whistleblowing policy was at the time I joined RMG. I have no
recollection of POL's whistleblowing policy.
63 I recall that at some point in 2010, an individual made a whistleblowing
complaint to PostComm regarding the calculation of RMG's Quality of Service
result. This matter is discussed further at paragraph 107. This was the first
time I recall that I had become involved in whistleblowing matters. PostComm
carried out an investigation into this matter, but separately also recommended
that RMG made improvements to its whistleblowing arrangements which it
found to be inadequate. In response to these findings, a new whistleblowing
policy was introduced to the business with improved processes and reporting.
64 One amendment to the whistleblowing process was the appointment of a third-
party whistleblowing ‘hot line' provider (the "Hotline"). At this time, around May
Page 19 of 37
WITN11240100
WITN11240100
2010, I was made the GET Sponsor of the Hotline in my capacity as General
Counsel. I understood that the purpose of this role was to provide oversight
and support to the IA&RM Head (who as far as I can recall was responsible for
whistleblowing) in the management of the re-launched whistleblowing facility.
65 I believe the document titled 'RMG ‘Speak Up' Hotline — Internal Audit & Risk
Management (IA&RM) High Level Process (draft)' (POL00423380), which the
Inquiry has provided to me, was an internal communication sent to RMG staff
on the launch of the Hotline.
66 I have been asked if the Hotline was an appropriate means of assistance to
POL staff, including SPMs. I understood the Hotline to be a RMG policy/tool. I
am unclear at this point whether the RMG Hotline was available to POL
employees or SPMs. I cannot recall whether the RMG Hotline High Level
Process draft document (POL00423380) was sent to POL employees or
SPMs. In relation to RMG staff, I believe one of the recommendations arising
from the PostComm matter was that the whistleblowing procedure should be
independent, which the introduction of the Hotline achieved.
67 I have been asked whether anyone used the whistleblowing policy at the time
I joined RMG and throughout my tenure. Other than the example of the
whistleblowing complaint set out above, I cannot now recall any other specific
examples of whistleblowing.
HORIZON IT SYSTEM
Horizon IT System
Page 20 of 37
WITN11240100
WITN11240100
68 I have been asked about the level of knowledge I had of the Horizon IT System
("Horizon") at the time I started at RMG and during my tenure, including the
training I received on Horizon. I was aware that Horizon was the point-of-sale
IT system used in Post Offices, although, in my role, I did not interact with the
system. As such, and to the best of my recollection, at no point did I receive
any training on Horizon.
69 The only involvement I recall having with Horizon was when there was concern
in POL (for reasons I cannot now recall) that a planned Horizon update would
materially disrupt the next scheduled cash payment of weekly benefits by POL
to claimants on behalf of the Department of Work and Pensions. I recall
attending a meeting with Fujitsu with what I recall was described as a “Gold
Team” assigned to POL’s account along with members of POL's and RMG's
senior management. As far as I can recall, the purpose of this meeting was to
obtain Fujitsu's assurance that there would not be any issues in relation to
these benefits payments. It was unusual for me to attend a meeting of this
nature with any supplier which is why it sticks out in my mind. I do not recall
when the meeting took place, but it must have been after 6 March 2008
because I recall Robin Dargue, the newly appointed Chief Information Officer,
being in attendance and I note from the Minutes of the Audit and Risk
Committee meeting held on 6 March 2008 (POL00396009) that Mr Dargue's
first Audit and Risk Committee meeting was on 6 March 2008.
70 I have been asked to comment on the extent to which I knew about any bugs,
errors or defects ("BEDs") in Horizon, a lack of integrity within the Horizon
Page 21 of 37
71
72
73
WITN11240100
WITN11240100
system and/or the ability of Fujitsu employees to alter transaction and/or
branch data without the knowledge or consent of the SPMs ("Remote
Access"). At no time during my tenure did I have any knowledge of the BEDs
in Horizon, nor was I ever aware that Fujitsu employees had the ability to alter
transactions and/or branch data. While I cannot now recall the email, I have
seen in the documents provided to me via the Inquiry that I was sent an email
from Mr Wilson with the subject line "challenges to Horizon" dated 3 March
2010 (POL00106867) which, in the email chain, refers to "integrity issues"
relating to Horizon, to which Mr Wilson responded. I have dealt with this
document below (at paragraph 78).
I have been asked to explain my understanding of the content of ARQ data. I
do not recall hearing or reading this term during my tenure at RMG and do not
know what it refers to.
I have been asked what knowledge I had of "complaints" addressing BEDs or
concerns with integrity. I was not aware of any "complaints" (in the sense of an
official complaint being made by SPMs to POL (or RMG) in the ordinary
course) regarding the BEDs or a lack of integrity within the Horizon system.
As noted above at paragraph 52, I was not involved in individual cases. That
said, I recall having some knowledge that some SPMs were raising concerns
with Horizon in defences to criminal proceedings brought against them. I recall
asking Mr Wilson during one (and possibly more than one) of our one-to-one
meetings what type of defences were being raised by SPMs in the course of
criminal proceedings. I recall Mr Wilson advising that one of the defences
Page 22 of 37
74
75
76
WITN11240100
WITN11240100
raised by SPMs comprised challenges to Horizon system evidence. I was not
aware at the time as to the details of any individual prosecution and do not now
know when SPMs started raising such challenges in their defences. As to the
email dated 3 March 2010 from Mr Wilson (POL00106867) which, in the email
chain, refers to "integrity issues", I have addressed that below at paragraph
78.
I also recall being informed about the prosecution of an individual who had
based their whole defence on challenging Horizon system evidence, as
discussed at paragraph 87.
I have been asked to set out to what extent the Legal Team would discuss
Horizon, the actual or possible existence of BEDs and the actual or alleged
integrity issues with Horizon, including Remote Access, and the SPMs'
difficulties in balancing their branch accounts. As noted above at paragraph
73, I discussed with Mr Wilson the defences that SPMs were raising, one of
which he said was challenges to Horizon system evidence. As to the email
dated 3 March 2010 from Mr Wilson (POL00106867) which, in the email chain,
refers to "integrity issues", I have addressed that below at paragraph 78.
Aside from that discussion with Mr Wilson and that email, I was not aware of
nor involved in any discussions regarding actual or alleged BEDs in Horizon,
Remote Access, or a lack of integrity with Horizon. I similarly have no
recollection of discussions regarding any SPMs' difficulties in balancing their
branch accounts.
Page 23 of 37
77
78
79
80
WITN11240100
WITN11240100
I have been directed by the Inquiry to the Computer Weekly article dated 11
May 2009 (POL00041564). I have been asked to what extent I was involved
in internal discussions about this article. I do not recall reading this article when
it was published or at any time during my tenure at RMG. I believe that the first
time I read this article was in response to the Inquiry asking me to do soin the
Rule 9 Request for the purpose of preparing this witness statement. I do not
recall this article being mentioned or discussed in any meeting I attended; nor
do I recall anyone discussing it with me.
In respect of the email dated 3 March 2010 from Mr Wilson (mentioned above)
(POL00106867) I have been asked whether I agree with Mr Wilson that the
data was ‘sound’. I have read the first five pages of this document, which
comprise those emails on which I was ultimately copied.
I do not recall reading or receiving this email and reading the email now has
not refreshed my memory. I cannot recall being shown or told anything during
my tenure at RMG which contradicted the fact that the Horizon data was
‘sound’. Reading the email now, that appears to have been the view of Mr
Wilson.
My impression of Mr Wilson was that he was a professional and experienced
lawyer with deep expertise and knowledge in criminal law. I recall knowing at
the time that Mr Wilson was a long serving member of the Criminal Law team
and had been head of that team for some time. At the time, I trusted Mr Wilson
and the judicial process which reviewed the evidence presented to it.
Page 24 of 37
WITN11240100
WITN11240100
81 I am, of course, aware that much later events would show that Horizon data
was not sound. That was not, though, and as indicated in the 3 March 2010
email (POL00106867), the position as understood at that time. As to the
investigation into the Horizon system, which was proposed in that email chain,
I cannot recall what steps were taken by POL’s Security team. I also cannot
recall having any involvement in that process; nor would I have expected to
have done so given the nature of that matter.
Horizon online
82 I have been asked to explain what briefing or training I and those in the Legal
Team received on the migration to Horizon online. I do not recall receiving any
briefing or training on the migration to Horizon Online. I do not recall being
aware of any briefing or training being given to members of the Legal Team on
the migration to Horizon Online.
SPECIFIC CASES
Post Office Ltd v Lee Castleton [2007] EWHC 5 (QB)
83 I have been asked questions by the Inquiry about the Castleton case.
However, I was not aware of or involved in this case and therefore have no
knowledge that I can contribute to the Inquiry. While I was broadly aware of
the numbers and nature of cases being undertaken by the Criminal Law and
Dispute Resolution teams, as noted above at paragraphs 52 and 73, I was not
involved in nor can I now recall being aware of individual cases.
Page 25 of 37
WITN11240100
WITN11240100
84 I have been referred to an email from Mandy Talbot regarding the POL v
Castleton case dated 20 November 2006 and a second email from Mandy
Talbot regarding the POL v Castleton case dated 22 January 2007
(POL00113489 and POL00413522). While I can see that I was a copy
addressee on emails within those chains, I do not recall receiving or reading
them. Further and in response to questions from the Inquiry, reading them now
has not refreshed my memory as to whether I was involved in any discussions
regarding the matters set out in those emails and I cannot recall any such
discussions.
The Prosecution of Seema Misra
85 I have been asked to describe my involvement in the prosecution of Ms Seema
Misra. I was not involved in this case. As noted above at paragraphs 52, 73
and 83, I was not involved in individual cases. Whilst I cannot recall any
discussions I had, I do believe I was informed about this case in general terms
at some point after the judgment had been published in October 2010.
86 I have been asked to consider an email from Mr Singh regarding the Regina v
Seema Misra case dated 21 October 2010, on which I was copied
(POL00044997). I have been asked whether I agree with his comment that the
attack on the Horizon system was "unprecedented". As noted above, I was not
involved in this case. I do not recall receiving or reading this email, nor whether
I responded to it.
87 Reading this document now, my recollection is that Mr Wilson had noted at
some point after the judgment that Ms Misra's defence was the first that was
Page 26 of 37
WITN11240100
WITN11240100
entirely based on challenging Horizon system evidence. I cannot recall further
details of the case at this point.
SPECIFIC DOCUMENTS
Audit and Risk documents
88 I have been asked to consider the outcome reached, in the document titled
Internal Audit and Risk Management Report 06/041 dated March 2007
(POL00338054), that the system was working as prescribed. In particular, I
have been asked to set out how this outcome was reached, if there were any
further discussions/investigations regarding this outcome and whether I
agreed with this outcome.
89 I note from page two of the report that I am on the distribution list for the
"Executive Summary" i.e. the four-page report, excluding the appendices. I do
not recall receiving or reading this report and reading it now has not refreshed
my memory. As noted at paragraph 59, I did not input into audit reports. I do
not recall how this outcome was reached, nor whether there were any further
discussions/investigations.
90 I have been asked to consider the references, in the document titled Internal
Audit and Risk Management Report 07/083 dated February 2008
(POL00423152), to concerns regarding third party compliance. In particular, I
have been asked to set out whether I was in agreement with this outcome,
whether the recommendations discussed in the audit were put in place and
upheld, and whether I am aware of any changes "between 2007 and 2008 that
Page 27 of 37
91
92
93
WITN11240100
WITN11240100
resulted in a different outcome". I note from page two of the report that I am on
the distribution list for the "Executive Summary" i.e. the five-page report
excluding the appendices.
I do not recall receiving or reading this report and reading it now has not
refreshed my memory as to the topics addressed within it. I therefore cannot
recall if I agreed with this outcome. As noted at paragraph 59, I did not input
into audit reports. I do not recall if the recommended actions were put in place
and upheld, but I would have expected them to be given that the Audit and
Risk Committee monitored points raised in audit reports, as noted above in
paragraph 61. I do not recall if there had been any changes between the 2007
and 2008 audit that resulted in a different outcome to the previous audit.
I have been asked to consider the references, in the Minutes of the Audit and
Risk Committee Meeting held on 6 March 2008 (POL00396009), to concerns
regarding system access. I have been asked to clarify what these concerns
were and if they were in reference to Horizon.
I do not recall the meeting to which these Minutes pertain, nor do I recall
receiving or reading these Minutes at the time. Reading these Minutes now,
and in particular the words "system access", I do recall that during my time at
RMG concerns over access profiles were raised during audits. My recollection
is that this was an issue caused by third party access to certain systems not
being removed or limited after they were no longer entitled to such access. I
do not recall this issue being raised in relation to Horizon. The broader issue
was, though, a rolling issue during my time at RMG.
Page 28 of 37
94
95
WITN11240100
WITN11240100
I have been asked about the reference to providing an update on fines,
compensation and litigation, which I note is referred to in the Minutes from the
Audit and Risk Committee meeting held on 6 March 2008 (POL00396009) at
item ARC08/03(d) as well as the Minutes of the Audit and Risk Committee
meeting held on 21 October 2009 (RMG00000068). I cannot recall either
meeting to which the Minutes relate but I believe the reference to an update
from me refers to an update I periodically provided on fines levied by
PostComm payable by RMG, on compensation payable by RMG to bulk users
due to Quality of Service issues (e.g., for missed deadlines and delayed
deliveries) and on material litigation (see above at paragraph 57 in relation to
the report for which I was responsible relating to this matter). A principal
purpose of this report was to support and validate the accuracy for the
provision or contingent liability in the accounts in relation to these items.
I have been asked to consider the references, in the Minutes of the Audit and
Risk Committee Meeting held on 7 May 2008 (POL00396455), to unlimited
access to the "SAP" system by third parties (see item ARC08/15(i)). I have
been asked my view on this finding, and whether this finding relates to Horizon.
I cannot recall the meeting to which these Minutes relate, nor receiving or
reading these Minutes. Reading these Minutes now, though, I consider that
“unlimited access to the SAP system by third party programmers" refers to the
access profile issue as mentioned in paragraph 93 above. I do not therefore
believe that these issues relate to Horizon.
Page 29 of 37
96
97
98
WITN11240100
WITN11240100
I have been asked to consider the document titled Audit and Risk Management
Report 09/013 July 2009 (POL00409468) and the references to the medium
risk the Network Business Support Centre ("NBSC") represented to POL in
relation to its ability to transact business, including reference to artificial
inflation of figures in some circumstances. I have been asked what my view
was in response to this and whether a formal service level agreement ("SLA")
was put in place as a result of the audit.
I note from page two of the report that I am on the distribution list for the
"Executive Summary" (i.e. the first four pages) and not the appendices. While
I note that the NBSC was noted in the report as representing a low risk to RMG
(albeit a medium risk to POL), I do not now recall receiving or reading this
report. I do not recall knowing what the NBSC was nor any discussions about
this issue at the time, and I do not know whether an SLA was put in place.
Reading this report now, I would have expected the actions to be put in place
given that the Audit and Risk Committee monitored points raised in audit
reports, as noted above in paragraph 61.
I have been directed to the Minutes from the Audit and Risk Committee
meeting held on 21 October 2009 (RMG00000068) and asked what Project
Hurst (see ARC09/33(c)) related to. I cannot now recall what Project Hurst
related to. Further, none of the documents provided to me in the course of
preparing this witness statement have refreshed my memory of this matter. I
have also been asked about the references to the whistleblowing policy in
these Minutes. I address these references at paragraph 106 below.
Page 30 of 37
WITN11240100
WITN11240100
99 I have been asked to consider the references, in the Minutes of the Audit and
Risk Committee meeting held on 13 May 2010 (RMG00000004), to Horizon
continuing to be a risk facing the business. I have been asked whether
RMG/POL were aware of potential BEDs at this time. While I don't recall the
specific meeting to which these Minutes relate, I do recall discussions
addressing the going concern position of RMH, as addressed at ARC10/25(d)
of the Minutes. That was a prominent issue for me as General Counsel (as
noted at paragraph 29 above).
100 That said, I do not recall receiving or reading these Minutes at the time. As to
the BEDs, as noted above, I was not aware of the BEDs within Horizon at that
time and do not recall anyone, including members of the Audit and Risk
Committee, discussing these issues with me.
Horizon Online
101 I have been directed to the Minutes of the Investment Committee meeting held
on 18 July 2006 (RMG00000034) and have been asked about my role in the
discussion referenced in those Minutes (at Section 5.4) surrounding Horizon
Online. I note that these Minutes record as an 'Action' that Ninian Wilson and
I were to "review" the contract for Horizon Online. I do not recall the meeting
to which these Minutes relate, nor do I recall receiving or reading these Minutes
at the time. Further, reading these Minutes now has not refreshed my memory
of these matters.
102 As to the Horizon Online contract, I do not now recall it. I do not recall my
involvement in the discussion, nor whether I reviewed this contract. The Legal
Page 31 of 37
WITN11240100
WITN11240100
Team reviewed hundreds of contracts during my time as General Counsel of
RMG. Reading this document now, I would have expected the contract to be
reviewed by the relevant team/s in the Legal Team or by external lawyers in
the first instance at least.
103 I have also been asked by the Inquiry to consider the Minutes of the POL
Horizon Next Generation Steering Group Minutes held on 24 August 2006
(POL00446059). In particular, the Inquiry has asked that I confirm the details
surrounding the "meeting discussed on "22/08" referenced".
104 I note that per the list of attendees that appears on the first page of this
document, I did not attend the meeting to which these Minutes relate. As such,
inevitably I do not have any recollections of the discussions that took place at
this meeting. Further, per the first page of these Minutes, I am not on the
distribution list. I do not recall my receiving or reading these Minutes, nor do I
recall a meeting on "22/08" as referenced. More generally, I cannot recall
discussing any concerns regarding the Horizon Online contract and reading
this document has not refreshed my memory.
105 As noted above at paragraph 102, to the extent that any legal review was
required, in the first instance at least, I would have expected the contract to be
reviewed by the relevant team/s in the Legal Team, or by external lawyers.
Whistleblowing
106 I have been asked to clarify the reference, in the Minutes of the Audit and Risk
Committee meeting held on 21 October 2009 (RMG00000068) (at
Page 32 of 37
WITN11240100
WITN11240100
ARC09/34(b)), to discussions surrounding improvements to "the whistle-
blowing policy and procedures where controls may deliberately be by-passed’.
I do not recall the Meeting to which these Minutes relate, nor do I recall
receiving or reading these Minutes at the time.
107 Reading these Minutes now, I note that this document refers to ‘Project Q'. I
can recall that one of the concerns in Project Q (which related to an
investigation by PostComm — see paragraph 63 above) was that controls were
being by-passed in circumstances separate and unrelated to Horizon. Reading
these Minutes now, I therefore believe that the discussion which was
documented in the Minutes reflected that improvements in compliance training
and to the whistleblowing policy and procedures could improve the relevant
internal controls in relation to compliance with licence obligations in response
to Project Q. In part, those improvements would be aimed at seeking to ensure
that these internal controls were not deliberately by-passed. In response to the
Inquiry's question, and as noted at paragraph 64, so far as I recall, IA&RM had
responsibility for improvements to the whistleblowing procedures.
108 In relation to the Minutes of the Audit and Risk Committee meeting held on 13
May 2010 (RMG00000004), I have been asked what I meant by the reference
to "improved whistle blowing that would provide some reassurance" (at
ARC10/28(h)). As noted above, I do not recall my receiving or reading these
Minutes. However, as noted above (at paragraph 99), my focus regarding the
topics discussed at this meeting would have been those relating to going
concern issues (see item ARC 10/25).
Page 33 of 37
WITN11240100
WITN11240100
109 In terms of the improvements to the whistleblowing policy, again, reading these
Minutes now, I believe the point I was trying to make was that having a revised
and improved whistleblowing facility (as proposed) could have the additional
benefit of forming part of any “adequate procedures” defence by RMG should
this have been required under the Bribery Act 2010, which was due to come
into force on 1 July 2011.
GENERAL
110 I have been asked to reflect on my tenure at RMG and whether there is
anything that, with hindsight, I would have handled differently, or others should
have done differently. I have also been asked whether there are any other
matters that are relevant to the Inquiry's Terms of Reference.
111 Mindful that the focus of the Inquiry is the Horizon system and POL's
involvement with it, as set out above during my tenure at RMG I was not close
to the details of Horizon and had no involvement with individual cases. I
therefore was not involved in many of the matters that are relevant to what I
understand to be the Inquiry's Terms of Reference. As such, whilst I wish to
assist the Inquiry, I do not have any additional comments that I can usefully
contribute.
Statement of Truth
I believe the contents of this statement to be true.
Page 34 of 37
WITN11240100
WITN11240100
Page 35 of 37
WITN11240100
WITN11240100
Index to first witness statement of Douglas George Evans
NO. URN Document description Control number
1. POL00423380 RMG 'Speak Up’ Hotline - I POL-BSFF-
Internal Audit & Risk I 0238195
Management (IA&RM) High
Level Process (draft)
2: POL00396009 Minutes of the Audit and Risk I POL-BSFF-
Committee meeting held on 6 0222679
March 2008
3. POL00106867 Email from Mr Wilson with /POL-0105175
subject line "challenges to
Horizon" dated 3 March 2010
4. POL00041564 Computer Weekly article I POL-0038046
dated 11 May 2009
Email from Mandy Talbot
POL00113489 POL-0112640
>: regarding the POL v
Castleton case dated 20
November 2006
6. POL00413522 Email from Mandy Talbot /POL-BSFF-
regarding the POL v Castleton 0233702
case dated 22 January 2007
ra POL00044997 Email from Mr Singh IPOL-0041476
regarding the Regina v
Seema Misra case dated 21
October 2010
8. POL00338054 Internal Audit and Risk IPOL-BSFF-
Management Report 06/041 I 0163775
dated March 2007
9. POL00423152 Internal Audit and Risk I POL-BSFF-
Management Report 07/083 0237967
dated February 2008
10. RMG00000068 Minutes of the Audit and Risk IVISO00009927
Committee meeting held on
21 October 2009
11. POL00396455 Minutes of the Audit and Risk I POL-BSFF-
Committee meeting held on 7 I 0223125
May 2008
Page 36 of 37
WITN11240100
WITN11240100
NO. URN Document description Control number
12: POL00409468 Internal Audit and Risk POL-0190509
Management Report 09/013
dated July 2009
13. RMG00000004 Minutes of the Audit and Risk I VISO0007412
Committee meeting held on
13 May 2010
14. RMG00000034 Minutes of the Investment I VISO0007442
Committee meeting held on
18 July 2006
15. POL00446059 Minutes of the POL Horizon I POL-BSFF-096-
Next Generation Steering
Group meeting held on 24
August 2006
0007986
Page 37 of 37