POL00038853
POL00038853
CONFIDENTIAL
Conduct of Criminal Investigations Policy
Document Control
1 Overview
Head of Head of Security
Security Operations
Operations
—
ually or
r change
2 Revision History
O.1 16/08/2013 I Rob King Initial draft.
Andrew Wise
0.2 29/08/2013 IRob King Update post Senior
Andrew Wise I Stakeholder Review.
R. King AA Conduct of
Criminal Investigation Policy v2 300813 (3)
CONFIDENTIAL
Table of Content
Case Progression Flow Chart
Glossary of Terms
Purpose and Statement
Background
Scope
Key Activities
Case Raised
Event Log
Supervision of Investigation
Investigation
Enquiry Type
Evidence
Background Checks
Planned Order Risk Assessment
QO Interview
1 Searches
5.12 Notebook
5.13 Post Interview
5.14 Interview Notes
5.15 Statements
5.16 Business Failings
5.17 File Construction
5.18 File Submission
5.19 Summons
5.20 Committal
5.21 Case Closed
6 Conclusion
7 Compliance
R. King
Criminal Investigation Policy v2 300813
1
2
3
4
5
-6 Interview Framework and Timescales
7
8
9
1
1
(3)
AA Conduct of
POL00038853
POL00038853
POL00038853
POL00038853
CONFIDENTIAL
Case Raised
Further
Further
Further Action
No Furt
YES
YES
IA“Conduct of
stigation Policy v2 300813 (3)
CONFIDENTIAL
1 Glossary of Terms
AEI Application Enrolment Identity
AS Arrest Summons
ATM Automated Teller Machine
ccTV Close Circuit Television
DPA Designated Prosecution Authority
DVLA Department of Vehicle Licencing
DWP Department of Working Pensions
ECF Event Capture Form
FES Financial Evaluation Summary
FI Financial Investigator
HP Hewlett Packard
H&S Health and Safety
HSH Horizon System Helpdesk
NBSC Network Business Support Centre
NFSP National Federation of Sub Postmasters
NPA Non Police Authority
PACE Police and Criminal Evidence Act 1984
PAH Primary Account Holder
PEACE Planning, Engage and Explain, Account,
Challenge, Evaluation
PNC Police National Computer
POCA Post Office Card Account
POL Post Office LTD
POLCT Post Office Legal and Compliance Team
PORA Planned Operation Risk Assessment
SecOps I Security Operations
SPMR Sub Postmaster
TC Transaction Correction
R. King AA Conduct of
Criminal Investigation Policy v2 300813 (3)
POL00038853
POL00038853
CONFIDENTIAL
2 Purpose and Statement
2.1 This document been prepared as part of the case file
review and is intended to support Security Managers
from the commencement through to the conclusion of the
investigation. Incorporated within this document is
policy, comprehensive guidance of the process along
with key points to consider at various stages of the
investigation.
2.2 Properly conducted investigations form a key part in
our strategy in protecting assets and reducing loss. If
poorly managed, an investigation can lead to increased
risk of future loss and significant damage to the
corporate brand. In commencing any investigation we
need to consider the impact in terms of the protection
of business assets and limiting potential liabilities
weighing against the reputation of the organisation or
damage to the brand should the investigation fail.
2.3 With the stakes so high, the department must be seen,
internally as well as externally to be acting fairly,
appropriately and within the law. The investigation
needs to be properly conducted to establish evidence
that will support a successful criminal prosecution.
3 Background
3.1 Post Office Security is almost unique in that unlike
other commercial organisations we are a non-police
prosecuting agency and are therefore subjected to the
Codes of Practice and statutory requirements of the
Police and Criminal Evidence Act.
3.2 There is another anomaly that sets us aside from other
commercial investigators. Of our 11,800 branches, only
370 are currently staffed by employees of the Post
Office. In the majority of cases branches are either
Franchisees or Agents who receive remuneration. As
neither is deemed to be employees of the Post Office,
the usual practices and procedures of an employer
employee investigation do not apply.
4 Scope
4.1 The scope includes the operational conduct of criminal
investigations as directed by current prosecution
policy, and extends to include any other investigative
R. King AA Conduct of
Criminal Investigation Policy v2 300813 (3)
POL00038853
POL00038853
CONFIDENTIAL
support as required by other internal stakeholders
within Post Office Ltd and law enforcement.
5 Key Activities
5.1 Prior to commencing an investigation the Security
Manager will have to consider
e The seriousness of the allegation
e The level of criminality
e Any contractual, compliance or regulatory concerns
e The potential to damage the reputation of the Post
Office
e The expectations of key stakeholders
5.2 Case Raised
5.2.1Cases are raised from various sources, in each
instance the information is passed to the relevant
operational Team Leader who will evaluate
allegation and decide whether or not a case should be
raised.
5.2.2A shortage at audit will result in the completion of
an Event Capture Form (ECF) report by the lead
auditor. The ECF report is then emailed through to the
Post Office Security Casework Team. On receipt of the
ECF (where a suspension has taken place), this
passed onto the relevant Team Leader who will make the
decision whether to raise a case or not. If this is an
immediate open enquiry the case will be raised before
the ECF is received.
5.2.3All losses where a suspension has taken place are
raised this way, although the loss is not always due
to criminal activity. The Team Leader should review
the circumstances surrounding the audit shortage and
assess whether an investigation is the most suitable
course of action.
5.2.4The following are examples of types of audit
shortages.
e Cash Shortage at Audit No Explanation
e Cash Shortage at Audit Comments made at audit
e Cash Shortage - member of staff (Not the SPMR)
suspected of criminality
e Cash Shortage - Loss hidden Transfers
e Cash Shortage - Loss hidden Remittances
R. King AA Conduct of
Criminal Investigation Policy v2 300813 (3)
POL00038853
POL00038853
POL00038853
POL00038853
CONFIDENTIAL
Cash Shortage - Loss hidden Giro Suppression
Personal Cheque in Drawer
Cash Shortage in ATM
Cash Shortage in Lottery
5.2.5Post Office Card Account (POCA) cases; On occasion,
the Hewlett Packard (HP) Call Centre is contacted by
customers who claim they are victims of fraud. The
Post Office Card Account Primary Account Holder (PAH)
may identify persons who they suspect have defrauded
them and on occasions they are staff or Agents of the
Post Office. The PAH allegation will be received
through the HP Call Centre who, working on behalf of
Post Office Ltd, manage the day-to-day POCA service.
HP operators are requested to record as much detail as
possible and report the allegation to Post Office Ltd
Security, Details of the complaint will be passed onto
the Team Leader. On receipt, the Team Leader should
make an assessment on the validity of the claim.
Should they find no reasonable grounds to support the
claim they should return it to the Admin and Support
Team within 5 working days with ‘NO CONCERN’ annotated
in the Security Comment box. In the event the case is
worthy of further investigation they are to request a
case number and pass to their Team for investigation.
5.2.6Cases can be raised in relation to a specific client;
these can come from various sources such as direct
from the client via the Commercial Security Team, a
complaint from a customer or analysis from the
Grapevine Team. In each case the request is emailed to
the Team Leader to review the details and assess
whether an investigation should take place. Post
Office Ltd has a massive client base; the following
are sources from where cases are usually raised.
DVLA
Royal Mail
DWP
Government Services
AEI Machine
5.2.7Cases also can be raised from various other sources
including.
e Crown Office Issues / Loss
e Suspicious Transactions
e Remuneration
e Contracts Manager
e Police Request
R. King AA Conduct of
Criminal Investigation Policy v2 300813 (3)
CONFIDENTIAL
5.2.8These types of enquiries are sent to the relevant Team
Leader who will make the decision whether to raise a
case or not. The Team Leader informs the Casework Team
via email that a case is to be raised and which
Security Manager has been nominated to deal with the
case.
5.2.9The Casework team then complete the new case raised
document and email this to the security manager along
with any ECF or audit reports which they have
received.
5.2.10 The stakeholder Notification forms part of the
New Case Raised Document. Within this document details
of all stakeholders are listed.
5.2.11 Once a case has been raised the Stakeholder
notification should be emailed to all stakeholders,
casework team and Team Leader as soon as possible. The
Security Manager should ensure that as much detailed
information is included on the stakeholder
notification.
5.2.12 Communication with the commercial team is
essential. It is important to ensure that all
stakeholder updates throughout the investigation are
copied to the commercial security team.
5.2.13 A copy of the stakeholder notification should be
printed; this is associated in Appendix C of the case
file.
5.3. Event Log
5.3.1All activities undertaken during an investigation
should be recorded on the event log; this should also
include reasons for any delay in the progression of a
case.
5.3.2The event log should be printed out and submitted with
the green jacket. This should be updated and a new
event log entry inserted at each stage of the
investigation.
5.4 Supervision of Investigation
5.4.1The decided course of action needs to be proportionate
and necessary. It may, if the circumstances warrant be
more appropriate to consider other actions that could
be done that don’t necessarily lead to a criminal
investigation. Examples include pursuing a_ civil
enquiry for breach of contract, civil debt recovery,
R. King AA Conduct of
Criminal Investigation Policy v2 300813 (3)
POL00038853
POL00038853
POL00038853
POL00038853
CONFIDENTIAL
training review refresher, briefers, additional
auditing, a caution, warning letter and or NFSP
engagement. Some of these possible outcomes may not be
obviously apparent until the subject is interviewed,
although they should be built into the process at this
early stage. Close communication and co-operation with
key stakeholders is essential to ensure that a proper
and considered course of action is taken.
5.4.2Proper consistent supervision is vital to ensure that
cases are thoroughly investigated and submitted in a
timely manner. Team leaders with the support of the
Financial Investigators need to quality assure the
investigation making sure prior to initial submission
that all available evidence has been gathered.
5.4.3From the point the case is first raised Team Leaders
should give due consideration to the merits of a
criminal investigation.
5.5 Investigation
5.5.1It is important to consider the aims, objectives and
scope of the investigation. Not all Post Office
investigations are criminal; the Security Manager may
be called upon to investigate employees under the
grievance and disciplinary procedure. It is important
to determine what type of investigation is required,
what time frames are in place, available resources and
what other issues may affect the conduct of the
investigation. An example may be a flag case with
potential to damage the reputation of the business
where senior stakeholders have an on-going interest in
the progress of the investigation.
5.5.2When a case is raised the Security Manager needs to
prepare an investigation plan which will outline the
terms of reference in the way the investigation will
be conducted. Points to consider include:
e Risk assessment
e Duty of care
The source of the investigation
e Statutory, regulatory or compliance considerations
e Impact on the organisation
e Media
e Timeframes
°
Immediate open enquiry
5.5.3In all cases stakeholder engagement is essential,
updates to stakeholders should be sent on a regular
R. King AA Conduct of
Criminal Investigation Policy v2 300813 (3)
5.5.4
5.5.5
5.5.6
5.5.7
CONFIDENTIAL
basis especially at relevant milestones such as
interview, file submission and summons served. For
high profile cases such as crown office losses updates
should be more frequent and include key senior
stakeholders in the relevant directorate.
For cases raised due to audit shortage, communication
with the auditor on the day of the loss or as soon
after the case is raised is essential to gain an
understanding of the loss and to ensure they will send
all audit documentation (original documentation) to
the Security Manager.
In all cases where a loss has been identified and a
SPMR has been suspended a case conference should be
arranged with the contracts manager at the earliest
opportunity. This is essential and allows for an
exchange of information and understanding of
expectations and direction the contract manager is
planning in relation to the conduct. The contract
process can be found in Appendix A.
There may be occasions where criminality is suspected
that a request is made directly to a contract manager
to consider suspending the SPMR. In these
circumstances the Security Manager must provide a
detailed explanation outlining the rationale
supporting the request. A record must be kept of this
decision which may at some future stage have to be
justified in court proceedings.
The Security Manager has been tasked to prove or
dispel the allegation. In criminal cases where the
burden of proof is beyond all reasonable doubt, it is
necessary to draw on all available evidence which is
likely to substantiate the allegation. In cases
concerning the Horizon system, it is important to
establish the level of training the subject received,
when this was received and action the subject took to
remedy any identified faults. A key point to cover
template has been produced to ensure that Security
Managers establish these facts during the interview
process. As part of the evidence gathering process,
the Security Manager can collect evidence from
various sources including:
Statements from witnesses [current, previous members
of staff]
e Expert witnesses
e Post Office accounting and HR databases
¢ Contract Advisor database
e cctv
R. King AA Conduct of
Criminal Investigation Policy v2 300813 (3)
POL00038853
POL00038853
10
CONFIDENTIAL
Banking records
Telephone records
Interviews with suspects
Alarm Data
5.5.8It is vital that all available witnesses are
interviewed. If there is a good reason for not doing
so this must be recorded in the progress of
investigation log.
5.5.9The Security Manager must not overlook the fact that a
fair investigation is there to establish the truth as
well as substantiate the allegation, so it is
important that any evidence uncovered that may support
the subject’s position is also recovered. It is
important to document every action, decision and
reason for decisions being made during the course of
the investigation.
5.6 Enquiry Type
5.6.1Immediate Open Enquiry. Where immediate response is
appropriate and few pre-interview enquiries are needed
or practicable.
5.6.2Major Enquiry >£15,000 (or major customer / client /
reputation impact) where immediate response is not
possible due to the requirement to perform pre-
interview enquiries / analysis.
5.6.3Standard Enquiry. All other enquiries not included in
the above - where immediate response is not possible
due to the requirement to perform pre-interview
enquiries.
5.6.4Liaison. Any case where liaison with another
investigative body conducting enquiries into criminal
activity at Post Office Ltd branches.
5.7 Interview Framework and Timescales
5.7.1All significant steps in the investigation including
any lengthy delays in concluding the enquiry need to
be recorded. The progress of investigation document
will eventually form part of the unused material and
should be produced with the file. The details of
investigation need to be sufficiently informative
although an element of objectivity needs to be
applied.
5.7.2Significant points can become critical should the
enquiry concern non availability of witnesses,
R. King AA Conduct of
Criminal Investigation Policy v2 300813 (3)
POL00038853
POL00038853
11
POL00038853
POL00038853
CONFIDENTIAL
external stakeholders or any other influential factors
which may force undue delay.
5.7.3A culture needs to be embedded where Security Managers
are aware and fully understand the importance of
providing a comprehensive chronological account of an
investigation, not merely to avoid undue criticism,
but also where there could be an issue with the case
at some later stage which may undermine the likelihood
of successful prosecution.
5.7.4Interview Date. Person concerned should be contacted
and Interview should be arranged without delay.
Timescales will depend on preparatory work that needs
to take place prior to this. Good Evidence Takes Time.
In complex cases there may be a need to conduct a
preliminary [holding] interview with a more detailed
interview taking place when further enquiries have
been completed.
5.7.5 Immediate Open Enquiry. Interview on day of
notification (where possible) minimum within 48 hours
and case submitted to normal report timescales (12
days).
5.7.6Major Enquiry. Case to be at “person concerned”
interviewed within 1 month of case raised.
5.7.7Standard Enquiry. Case to be at “person concerned”
interviewed and submitted / closure stage within 2
months of raise. Should enquiries indicate increased
loss or impact, status must be amended to Major
Enquiry immediately.
5.7.8Liaison. Regular contact should be maintained with the
authority (Police, Royal Mail, DWP) dealing with the
case.
5.7.9After the first month the Security Manager should
discuss the case with their Team Leader and a way
forward agreed, this will ensure that the liaison case
is progressed.
5.8 Evidence
5.8.1Good communication with the audit team is crucial to
ensure evidential resilience in relation to the
continuity of exhibits. Every effort must be made to
ensure that the person finding is the person
exhibiting and original documents that will form the
evidential basis of the case are retained until
collection. The continuity will be stronger if the
documents seized are secured and handed over against a
R. King AA Conduct of
Criminal Investigation Policy v2 300813 (3)
12
POL00038853
POL00038853
CONFIDENTIAL
signature. In circumstances where the only viable way
is to send the documents through the post they should
be sent by the Auditor to the named Security Manager
by Special Delivery.
5.8.2Auditors are to be encouraged to record any
significant comment made in the course of the audit
either unsolicited or in response to a _ reasonable
question to complete the audit such as “I have checked
the money in the safe and there appears to be a
shortage, is there any money stored elsewhere that
needs to be checked?” . In the case of the unsolicited
comment, the auditor should record this i.e. “I know
you will find a shortage, I borrowed the money”.
However any further question such as “why” would
constitute an interview and the Auditor must refrain
from asking such questions.
5.8.3In such cases, the Auditor should inform the subject
that their comment will be recorded but any further
questions concerning the comment may be conducted
under caution by a Security Manager where the subject
has been accorded their rights. This should not
distract from the role of the auditor and questions
around should still be asked to verify financial
assets due to Post Office Ltd.
5.8.4In cases where the subject wishes to make comment, the
Auditor again should record the initial comment,
advise the subject as above and if they continue, note
in the record, that the person concerned was advised
that they would have the opportunity to be interviewed
by a Security Manager under caution at a later stage.
THEN CONTINUE TO RECORD THE COMMENT. Again any
questions even for clarification from the auditor
would constitute an interview and could/would render
the evidence inadmissible so the Auditor must refrain
from asking such questions.
5.9 Background Checks
5.9.1Local Management Checks
Contact with the contract manager is essential; they
can provide the Security Manager with a background on
the individual along with providing all information
relating to the branch from their database.
5.9.2Training Records. A request for the branch training
history should be made to the Network Support Admin
Team email address. This will detail what training was
received for the SPMR when he was appointed to the
branch, it will also show any intervention training
requested or delivered for the branch. It is the
R. King AA Conduct of
Criminal Investigation Policy v2 300813 (3)
13
5.9.3
5.9.4
5.9.5
5.9.6
CONFIDENTIAL
SPMR’s responsibility to train his staff, no records
for training (apart from compliance training) is kept
for SPMR assistants.
Post Office Ltd Human Resources Printout. The Sub
Postmaster Printout or employee printout should be
obtained for all cases by emailing Human Recourses
using the HR Assistant Checks email address. This
document can provide the following information -
The subject’s personal details, such as NI number,
home address, bank account(s), next of kin
Date the SPMR was appointed
Claims data (i.e. holiday pay) & dates the SPMR was
on holiday.
The full SPMR file can be requested by emailing
‘Contract Admin Team’
P356 Assistant List. The P356 Assistant list should be
requested at the same time as the HR Printout from the
HR Assistants Check email address. This report can
provide the following information
Name, date of birth and NI number
Persons registered to access Horizon (users), at that
Post Office
The Horizon user’s identities for each assistant
Whether the assistant is a permanently employed or
temporary/holiday relief.
Date the person was activated to use Horizon and the
date users were removed from the Horizon system
SPMR Remuneration. The remuneration from a particular
branch can be obtained via an e-mail to HR Agent
Remuneration.
Police National Computer (PNC). Post Office Ltd PNC
checks can be made for intelligence gathering purposes
in respect of individuals and vehicles suspected or
known to be involved in crime against the Post Office
Ltd. Examples of authorised use are as follows:
To assist authorised personnel with intelligence
gathering around individuals suspected/ known to be
involved in committing criminal offences
For operational Health & Safety considerations and
evaluations prior to the engagement with the person
concerned as part of the operational risk assessment
R. King AA Conduct of
Criminal Investigation Policy v2 300813 (3)
POL00038853
POL00038853
14
POL00038853
POL00038853
CONFIDENTIAL
e To obtain previous conviction details of defendants
and witnesses for cases being prosecuted by Post
Office Ltd
e To establish intelligence with regards to vehicles
and occupants suspected to be involved in criminal
activity against the Post Office
e To identify the registered keeper of vehicles
connected to the address of a suspect/known offender
involved in criminal offences against the Post Office
Ltd
Do not conduct checks for the following reasons:
e Unsubstantiated allegations about an individual
e “Fishing trips”, for example blanket checking
vehicles or persons such as all vehicles in a staff
car park in an effort to identify a suspect’s vehicle
e To identify ownership of a vehicle in accordance with
Proceeds of Crime Act
5.9.7Equifax: Security Managers can rely on Equifax to
provide the following information:
e Personal details
e Addresses
e Court and Insolvency Information, (i.e. county court
judgments)
e Alert Indicators (Office of Foreign Assets Control)
e Alias and all names used
e Associates
e Electoral data confirmation
e Credit transactional activity, including the client
and transactional history
e Record of searches done by Equifax clients, (i.e.
banks and retailers)
Property valuation
Additional addresses-linked addresses
Directors data
Commercial searches, (i.e. valuable data relating to
the subject’s business)
5.9.8Land Registry. Security Managers have access to the
Land Registries in England and Wales, Scotland and
Northern Ireland. Most searches take between a few
minutes to a few days, depending on the registry.
Obtaining the subject’s full address is important.
Land Registry can provide the following type of
information/data:
e The owner(s), type of ownership & address
R. King AA Conduct of
Criminal Investigation Policy v2 300813 (3)
15
POL00038853
POL00038853
CONFIDENTIAL
The value of property
An extract of the official Title Deed
Copy of the Title Register, Title Plan
Registered Old Deeds, including historical editions
of the register and title plan
e Any charge on the property, and the relevant
financial institution (mortgage.)
5.9.9Network Business Support Centre (NBSC) Call Logs. NBSC
call logs can be obtained by emailing the Branch and
IT System Team at Dearne House. These logs will detail
all calls made by a branch into the NBSC. These logs
can be very useful where a SPMR or employee claim that
they have reported the loss or incident.
5.9.10 Credence; is a tool used to analyse detailed
transactional data from a particular branch. This is
useful to prove details of particular transactions or
events. Only data, up to 90 days, can be extracted and
analysed by Post Office Ltd Security. An application
to Fujitsu will turn the MI data into data/documentary
evidence for use in the criminal courts. Older
historic data can also be obtained. Fujitsu will only
provide a witness statement relating to the
authenticity of the data only, not the specific
transactions relating to your enquiry.
5.9.11 ONCH. The Cash Management team can provide Over
Night Cash Holdings (ONCH) data for a specific branch.
This data gives in depth cash analysis for a branch
including what denomination of notes a branch has
declared on a given date along with cash remittances
in and out. A request for this data can be made to the
Retail Cash Management Team who will highlight any
concerns they might have with the branch. The same
information can be requested for Foreign Currency
holdings.
5.9.12 Full Rota Check. A ‘full rota check’ allows for a
full data search for a specific branch relating to
transaction issues. This can include any transaction
corrections (TC’s) scratch card, remittances, stock
adjustments and other specific office’s products. This
check can be arranged via Post Office Ltd Security
Grapevine strand, Analyst & Support team in
Chesterfield.
5.9.13 Alarm data. Obtaining alarm data from ROMEC can
be a useful tool in determining access to the Post
Office secure area and safes. Data around perimeter
and safe set / unset times can be interrogated to
assist in the investigation.
R. King AA Conduct of
Criminal Investigation Policy v2 300813 (3)
16
POL00038853
POL00038853
CONFIDENTIAL
5.10 Planned Operation Risk Assessment (PORA)
5.10.1 The PORA process is mandatory in any Post Office
led investigation which may involve a_ planned
interview under caution or premises search. A PORA is
required for each subject involved in the
investigation, In order to manage the risks
effectively Security Managers should conduct any risk
related intelligence checks and/or enquiries that they
feel are necessary as part of the PORA process. The
following checks are available and thought to be the
most relevant to Post Office Security cases:
e Local Management check: This may also identify other
information such as health issues, including
suspected drug or alcohol habits, or outside
interest’s e.g. domestic circumstances which may
impact on H&S
e PNC Individual checks: This may identify “warning”
indicators or previous convictions of both suspects
and others at the address. It may also identify
other information which impacts on H&S such as any
history regarding the certification (or refusal) of
firearms or orders recalling persons to hospital
e Full Equifax check: This check can be used to
identify current occupants at an address to be
searched or visited. A “Full Investigation” Equifax
check should be undertaken
e PNC Vehicle check: This can reveal registered keepers
of vehicles at a specific address
e Land Registry checks: These will identify the owner
of property
e Local Police Intelligence check: May identify risks
regarding the suspect or other incidents or persons
at the address(es) and the geographical area(s) to be
visited. It may also identify other law enforcement
interest
5.10.2 Risk Score. Where any risk is assessed as High, a
Senior Security Manager should be consulted and the
assistance of the Police sought before any
investigation activities which bring Security Managers
into contact with the subject are commenced.
5.10.3 Where the Planned Operation is assessed as Low or
Medium risk, line manager’s authority must be obtained
before any Security Manager activities which bring
Security Managers into contact with the subject are
commenced.
R. King AA Conduct of
Criminal Investigation Policy v2 300813 (3)
17
POL00038853
POL00038853
CONFIDENTIAL
5.11 Interview
5.11.1 Where the rights of a lawyer to be present are
offered to the subject who wants their own solicitor
and they are not available, consider your position in
terms of recovering evidence and not compromising the
investigation. In this instance inform the subject
that as their lawyer cannot attend within a reasonable
time, arrange for the subject to be arrested and
booked in at the local police station where a
solicitor from the nominated list or the duty
solicitor can be offered.
5.11.2 Reasonable time may differ depending on the
circumstances and any action taken needs to be
justified and documented. It is likely that an
explanation for this course of action will be required
at court. A rule of thumb is what the average lay
person may consider reasonable given all the facts. It
is important to note that the need to gather evidence
and investigate the case in a timely manner is not
unduly compromised.
5.11.3 Arrest by the police may be justified on the
basis that there are reasonable grounds to suspect an
offence has been committed and there are reasonable
grounds for believing that the arrest is necessary.
The statutory criteria for what may constitute
necessity are set out in para 2.9 of Code G PACE.
Inviting the subject to the police station to obtain
legal representation may not be effective as the
person concerned is at liberty to leave at any time.
The Security Manager should direct the investigation
appropriately to remain in control of the evidential
process without jeopardising the subject’s legal
rights. Code G of PACE is laid out at Appendix B.
5.11.4 Consider maximising the opportunity to capture
evidence at the earliest stage, i.e. where there is a
significant comment. In more complex cases where a
more in depth interview is required hold a preliminary
interview, cover off the significant comment and hold
a second interview at a later stage when more evidence
is gathered. Think of the Golden Hour of capturing the
evidence. Always follow the PEACE model [Planning,
Engage and Explain, Account, clarification and
challenge, Closure, Evaluation] . Consider the
ingredients of the offence; dishonestly appropriates
property belonging to another with the intention of
permanently depriving the other of it. Ensure that
these are established during the interview. Deep dive
into areas where defences are likely. These can be
countered by careful planning and skilful questioning.
R. King AA Conduct of
Criminal Investigation Policy v2 300813 (3)
18
POL00038853
POL00038853
CONFIDENTIAL
A comprehensive guide to interviewing using the PEACE
model can be found at Appendix C.
5.11.5 One on one interviewing should be considered on a
case by case basis. There is no reason why in a
straight forward investigation where there have been
admissions and risk is considered low, that a one on
one tape recorded interview should not be considered.
This will free up resources and should be encouraged
wherever possible. Clearly in more complex cases,
where there is a need to pre prepare and the nature of
the investigation may benefit from an interviewer with
greater subject knowledge, then the interview must be
conducted by two persons. Similarly for training and
development purposes.
5.11.6 Should the recent Second Sight review be brought
up by a subject or his representative during a PACE
interview the Security Manager should state: ‘I will
listen to any personal concerns or issues that you may
have had with the Horizon system during the course of
this interview *
5.11.7 The following three areas need to be covered in
as much detail as possible at an appropriate point
during all PACE interviews, regardless of whether
Horizon is mentioned or not. Where the case clearly
has no link with Horizon (e.g. theft of mail) then you
must gain authorisation from your line manager to
proceed outside of this process.
Training
eHow long have they worked at the Post Office?
eHad they any previous PO experience?
eHow long did their initial training last? (Please
see guidance below and get as much detail as
possible)
eWhat did it cover? (I.e. transactions, balancing,
ATM, lottery etc.)
eDid they request any follow up training? (If so who
with?)
eWas there a period when the accounts balanced? If
so, then why did things run smoothly then?
Support
eWho did they tell that they were having problems?
eWhy didn’t they request any help?
eWhat support are they aware of (i.e. NBSC, HSH, area
managers)
eHave they contacted the NBSC for support before?
R. King AA Conduct of
Criminal Investigation Policy v2 300813 (3)
19
CONFIDENTIAL
Horizon
eHave they contacted the HSH before?
eIf they believed that there was a fault with Horizon
then who did they report it to and when? If they
didn’t report it then why not?
5.11.8 NBSC call logs should be requested for all cases.
As should HSH call logs.
5.11.9 Training records for all new cases are
automatically sent by casework team. For info the
current standard is:
e SPMR receives 6-8 days of classroom training (this
depends on the products that their office transacts)
e SPMR receives 6 days of onsite training and support
including at least one balance
e SPMR receives an announced visit after one month to
provide support, go through the compliance
requirements and for a cash check to be completed
e SPMR receives an announced visit after 3 months for
further support, compliance questions and a cash
check
e SPMR receives an unannounced visit after 6 months for
further support, compliance questions and a Financial
Assurance audit
5.12 Searches
5.12.1 In all cases a search of vehicle and premises
should be considered. Searches are conducted by
consent and should be conducted in the spirit of PACE
where reasonable grounds to suspect there is evidence
on the premises that relates to the offence.
5.12.2 If the subject refuses to consent to a voluntary
search the Security Managers line manager should be
contacted and if required further advice and guidance
sought from the criminal law team.
5.12.3 If the subject refuses to consent to a voluntary
search and there are reasonable grounds to suspect
that evidence relating to the offence may be found,
then contact police with a view to arrest the subject.
A search can then be conducted by police following
arrest. The Security Manager should agree this course
of action with their line manager and advice sought
from the criminal law team.
5.13 Notebook
R. King AA Conduct of
Criminal Investigation Policy v2 300813 (3)
POL00038853
POL00038853
20
CONFIDENTIAL
5.13.1 Notebooks are an essential element in a Security
Managers toolkit. They are the recognised and
preferred way of recording evidence that is not
recorded elsewhere in a more formal document. They are
numbered individually and are issued to all Security
Managers performing investigation duties.
5.13.2 Due to the nature of the information recorded in
a notebook it can be produced, if required by the
Security Manager, in a Court of Law. It is essential
that all notebooks be completed with a degree of
uniform professionalism.
5.13.3 General rules
e Make all entries in chronological order
e All entries must be made in ink (black preferably
e Any errors must be crossed out with a single line, so
that the original entry can be seen and then
initialled
e Do not remove any pages, they are all numbered
sequentially
e Do not make additional entries between the ruled
lines. If it is of paramount importance that, if you
make an additional entry, make it at the end of your
existing entry explaining why it is not in
chronological order
e A single line should be scored through any blank
spaces or lines
e All entries should be signed, timed and dated
e All notes made on informal pieces of paper such as
newspapers, should be transferred to the notebook as
soon as practicable. The entry should include why it
was not practical to enter the note directly into the
notebook. The Security Manager must retain the
original note
5.14 Post Interview
5.14.1 48 Hour Offender Report: To be emailed to Team
Leader, Casework Team, Financial Investigator (if
appointed) Primary Stakeholder within 48 Hours of the
interview.
5.14.2 FES Report: Financial Evaluation Sheet to be
emailed to Financial Investigator within 48 hours of
the interview.
5.14.3 Write the Case Summary Report: This is to be
written using example report and guidelines that can
be found on the Secops sharepoint site. The case
R. King AA Conduct of
Criminal Investigation Policy v2 300813 (3)
POL00038853
POL00038853
21
CONFIDENTIAL
summary should be a succinct chronological account of
the investigation highlighting key facts. The rule of
thumb is to produce an account which the reader can
quickly digest to get a general overview of the
allegation. Key witnesses and a brief outline of what
they say can be included as well as a synopsis of what
was said during interview. The statements, interview
record and exhibit list can be examined should the
reader require further information.
5.14.4 Write Discipline Report. The discipline report to
be written using example report and guidelines which
can also be found on the sharepoint site.
5.15 Interview Notes
5.15.1 In the majority of cases at initial submission,
the Notes of interview need to be a brief account of
the interview and any significant comment. It is
therefore good practice to write down a note of the
interview and generally what was said on completion.
5.15.2 An example note could be: throughout the
interview the subject stated that he had borrowed the
money to make up a shortfall and when challenged over
this accepted that it was wrong / dishonest to take
the money.
5.15.3 No comment interviews should not be transcribed.
Unless there is a very good reason for a full
transcript, in the majority of cases for the initial
submission a note of interview will suffice.
5.15.4 Where the prosecuting lawyers request a
transcript as part of the advice process or for
preparation for committal proceedings it will be
completed by the typist, checked and sent by the
Security Manager.
5.15.5 Where appropriate to transcribe the Audio
recording of an interview the request should be sent
to the typist. An email should be sent to
cathphilbin@aol.com. The email should also be copied
to the FI at Chesterfield to ensure return of the CD.
5.16 Statements
5.16.1 In all instances the following standard
statements should be taken and submitted with the
green jacket.
e First Officer Statement
R. King AA Conduct of
Criminal Investigation Policy v2 300813 (3)
POL00038853
POL00038853
22
CONFIDENTIAL
Second officer Statement
Horizon System Statement
SPMR Contract Statement
Lead Auditor Statement
5.16.2 In the course of an investigation other
statements may need to be acquired, these could be
statements to describe a particular process such as
how to carry out a particular transaction. If the Post
Office Legal and Compliance Team (POLCT) consider that
such a statement is required to progress’ the
prosecution they will send an advice requesting this
further information.
5.16.3 Where statements can be taken over the telephone
this should be done to save time, resources and it
must be encouraged. Statement taking over the
telephone is a modern and accepted practice.
5.16.4 Rather than a hand written Section 9 statement,
there is no reason why a draft statement cannot be
prepared in note form. The statement can then be typed
up subsequently, with any changes, clarification or
ambiguity amended. It is vital that the original notes
are retained. On typing up the statement it can be
sent to the recipient for checking and amending. Once
agreed, the statement must be signed and sent back to
the Security Manager.
5.17 Business Failings
5.17.1 If business failings or procedural weaknesses are
identified this should be completed on the relevant
tab of the new case raised form and emailed to all
stakeholders including Commercial Security. This
should be printed off and associated in appendix C of
the file.
5.18 File Construction
5.18.1 A Green Jacket should be constructed as per the
following guidelines.
5.18.2 Case files will include a schedule of unused non-
sensitive material and unused sensitive material
[Public Interest Immunity, Legal Privilege and
documents that may highlight the methods used for
investigation] The Appendix “C” in the case file will
be retained by the Security Manager as oppose to
submitted with the file. Where solicitors may wish to
examine any unused material it should be requested and
sent by the Security Manager.
R. King AA Conduct of
Criminal Investigation Policy v2 300813 (3)
POL00038853
POL00038853
23
POL00038853
POL00038853
CONFIDENTIAL
5.18.3 The body of the file.
e Case Raised Front Sheet
e Event Log [added to as the case progresses to
conclusion]
e File Contents Index
¢ Case File summary; numbered paragraph.
e Index of Statements (Actual Statements in Appendix A)
e Interview Summary
e Index to Exhibits
e Unused Material list [This negates the need to submit
Appendix C and fill the file with emails. The unused
material list can be added to as the case progresses]
5.18.4 As a general rule Appendix; A = Witness Statement
B = Evidence C = Other material
5.18.5 Appendix A
e Typed Witness Statements
e Summons Documents
5.18.6 Appendix B
POLOOL
Evidence
Notebook Entry
Search Documents
Working Tapes
PNC check results (include no trace replies)
5.18.7 Appendix C (Appendix C should be collated, but
NOT be submitted with the file when sent to Post
Office Legal an Compliance Team)
Stakeholder Notification
HR Printout
Assistant List
Interview Letter
POLO03
Business Failings
Discipline Report
e Antecedents
e NPAOL
5.19 File Submission
R. King AA Conduct of
Criminal Investigation Policy v2 300813 (3)
24
POL00038853
POL00038853
CONFIDENTIAL
5.19.1 Cases for Advice. In some instances where the
Security Manager is unsure on the strength of the
evidence the case can be submitted to the POLCT for
advice. The POLCT will apply the evidential test and
will advise on the next course of action such as
further statements or case to be closed.
5.19.2 On completion of the file, it will be submitted
to the Team Leader for checking, signing off and
forwarded to the POLCT via registration. Should
further investigation be deemed necessary at this
stage, the file will be returned to the Security
Manager. Where a request is made from POLCT for
further enquiries, the team leader will be copied into
the relevant email. It is imperative that the progress
of enquiry document is comprehensively kept up to date
and copies of any generated emails saved. These can be
inserted into the file in appendix C when the
enquiries are complete.
5.19.3 Should advice be sought from Cartwright King
solicitors, the Team Leader and POLCT will be copied
into any requests for further evidence. The details of
investigation log must be maintained and copies of
emails retained. On completion of the enquiry, the
green docket case file will be sent to the Security
Manager for copies of any emails to be inserted along
with the progress of investigation log prior to final
submission to Head of Security via the Team Leader.
5.19.4 Each case file should the follow the stated
process:
5.19.5 Security Manager > Team Leader > Post Office
Legal and Compliance Team > Cartwright King > Head Of
Security > Team Leader > Security Manager
5.19.6 Security Manager > Team Leader
Once the file is ready for submission the Security
Manager should send the green jacket to their Team
Leader for review. The Team Leader should sense check
the case file and ensure it is evidentially robust
and properly constructed. The Security Manager should
send electronic copies of the case summary report,
audio transcripts and discipline report to Post
Office Security.
5.19.7 Team Leader > Post Office Legal and
Compliance Team
The Team Leader will then forward the file to the
POLCT. The file will be reviewed by the POLCT and a
R. King AA Conduct of
Criminal Investigation Policy v2 300813 (3)
25
CONFIDENTIAL
decision made whether further progression be made
with the case. If the decision is No Further Action
the file is returned to casework at that point. If
the POLCT decides that further enquiries are required
this will be forwarded to the Security Manager
including Casework and the Team Leader.
5.19.8 Post Office Legal and Compliance
Team > Cartwright King
If the decision is to proceed with the prosecution
case the file is the forwarded to Cartwright King for
advice on charges. (In some instances POLCT will put
charges together).
5.19.9 Cartwright King > Post Office Legal
and Compliance Team
Cartwright King will prepare advice and charges for
the case (or advise no further action). If further
enquiries are required they will contact the Security
Manager direct, copying in the team leader and send
an advice detailing the further enquiries. The advice
along with charges and case file is then sent back to
casework.
5.19.10 Post Office Legal and Compliance Team > Head Of
Security
The file is then forwarded to the designated
prosecution authority (DPA) for authority to proceed.
The DPA will review the case file and decide whether
to proceed with the advice from the POLCT and
Cartwright King or whether to take a different course
of action. The authority to proceed (or other
instruction) will be inserted into the case file.
5.19.11 Head Of Security > Team Leader
The file is the forwarded back to the casework team.
5.19.12 Team Leader > Security Manager.
The file is returned with advice and charges submitted
in the case file for the Security Manager to proceed.
5.20 Summons
5.20.1 If advice from Cartwright King or the POLCT is to
prosecute and the Head of Security has given authority
to proceed, then the Security Manager needs to obtain
a summons.
R. King AA Conduct of
Criminal Investigation Policy v2 300813 (3)
POL00038853
POL00038853
26
POL00038853
POL00038853
CONFIDENTIAL
5.20.2 The Security Manager will make contact with the
relevant Magistrates’ Court to set a date for the
suspect’s first appearance at court. Summonses are
also applied for. Upon receipt of the summonses the
Security Manager will serve the summonses by way of
posting them to the Person Concerned using the Royal
Mail Special Delivery service.
5.20.3 Set a Court Date
e Contact the Magistrates court where the offence took
place and confirm that court deals with the matter
and the address where the summons are to be sent for
signature
e Contact listings and inform them you are a private
prosecution - (certain courts have set days for non-
police prosecutions)
e Obtain a date normally six weeks from date of request
but no more than 8 weeks
5.20.4 Acquiring Arrest Summons (AS) Number
e Update the front of the NPAO1 with the date of the
court hearing and the details of the court
e Complete the offence and the method used in offence
section on the front of the NPAO1]
e Email the updated NPAQl to the casework team. The
casework team will apply to the relevant police force
for an AS Number which is required for the court to
sign the summons. The AS number will be emailed back
to the Security Manager within a few days of the
submission of the NPAOQ1] (different police forces work
to different timescales to times will vary)
5.20.5 Applying for the summons.
e Prepare three copies of the summons
e Prepare one information sheet
e Send to the court for signature with covering letter
- all three copies of the summons should be signed
and returned
e Court will retain the information sheet
e¢ Inform the agents Solicitors appointed by POLCT of
the time and date of the court appearance
5.20.6 On receipt of the summons
e Take a photocopy of the defendant’s copy of the
summons
R. King AA Conduct of
Criminal Investigation Policy v2 300813 (3)
27
POL00038853
POL00038853
CONFIDENTIAL
e Send the original copy of the defendants summons
together with a POLO44 (Charge or summons notice) and
a copy of the means form
e Summons can be either served personally or via Royal
Mail Special Delivery to the person concerned
5.20.7 Once conformation has been obtained that the
summons has been received POLCT and Cartwright King
must be informed. The back of the defendants
photocopied summons should be endorsed with the
following:
I certify that today, (date), I personally served a
copy of the summons upon (Name), the defendant named
overleaf.
Or
I certify that a copy of the summons overleaf has been
served upon (Name), the defendant named overleaf. The
summons was sent via Royal Mail Special Delivery
(number) and was delivered (date and time).
5.20.8 Prepare and send to POLCT a covering letter
confirming the summons has been served, together with
a copy of the POLO33 and any TIC’s by post. Update the
front of the NPA form with the summons was applied for
and the date the summons was served. Complete the
offence and the method used in offence on the front of
the NPAQ1].
5.20.9 Email Casework team and POLCT the confirmation of
service letter together with the NPAQ]. If the case is
a FI case then the FI should be copied into the email.
Copies of the summons go in Appendix A of the file.
5.21 Committal
Committal Checklist
POLOO6B Self Disclosure
POLOO6c Schedule of non-sensitive unused material
Sensitive Material
Continued Disclosure Report
Witness List
Witness Address
e Witness Non Availability
e List Of Exhibits
e Memo to POLCT
5.22 CASE CLOSURE
R. King AA Conduct of
Criminal Investigation Policy v2 300813 (3)
28
POL00038853
POL00038853
CONFIDENTIAL
5.22.1 On completion of the investigation, it is vital
that a review of the root cause of the investigation
is undertaken by the Security Manager. It is important
to ascertain whether any system processes, integrity
of the financial commercial product, technical issues,
training delivered or procedures may have provided an
opportunity to commit the offence. Equally important,
the vulnerability of the product or process in its
current form and likelihood of similar offences being
committed in the future needs to be considered. A
comprehensive report outlining the cause of the
offence will be submitted to Commercial Security at
the conclusion of each investigation.
5.22.2 As part of the Post Office retention policy, case
files must be archived and retained for at least 7
years.
5.22.3 Case closed Notification.
e In all cases where a decision is taken to close a
case it must be authorised by the Security Managers
Team Leader
e The Case Closed notification should be completed and
emailed to the Security Managers Team Leader, Post
office Security all major stakeholders and the
Commercial Security team
e As much detail as possible should be included in the
case closed notification explaining the decision for
the course of action taken
e In some instances a case will be closed with no green
jacket, this could be a case where the matter was
dealt with under conduct. and no criminality
identified. If there is no green jacket this should
be highlighted on the case close notification and
also annotated at the top of the email to Post office
Security
6 Conclusion
6.1 One of the key programmes of the Security Operations
strategic plan for 2013 has been the case file review.
Separation from Royal Mail Group has presented
opportunities to shed outmoded investigation practices
and tailor processes that not only meet the current
needs of the business, but challenges us as a team to
work smarter, and deliver a professional, comprehensive
and fair investigation in a timely manner. With the
advent of the Second Sight interim report it is likely
that scrutiny will continue to focus on the fairness,
evidential quality and professional standard of
criminal investigations. Completion of the
R. King AA Conduct of
Criminal Investigation Policy v2 300813 (3)
29
POL00038853
POL00038853
CONFIDENTIAL
investigation review, which serves as a guide to
Security Managers in the conduct of their
investigations is a timely document which embodies the
ethos of Care, Challenge and Commit.
7 Compliance
7.1 Post Office Security Operations Management will
regularly assess for compliance against this policy.
Any violation of this policy will be investigated and
if the cause is found to be due to wilful disregard or
negligence, it will be treated as a disciplinary
offence. All disciplinary proceedings are coordinated
through the Human Resources Department.
R. King AA Conduct of
Criminal Investigation Policy v2 300813 (3)
30