WBON0000466
WBON0000466
CONFIDENTIAL
Conduct of Criminal Investigations Policy
Document Control
1 Overview
Head of Security Head of Security
Operations Operations
0.2 29th August 2013
2 Revision History
16/08/2013 Rob King Initial draft.
Andrew Wise
0.2 29/08/2013 Rob King Update post Senior Stakeholder Review.
Andrew Wise
R. King AA Conduct of Criminal Investigation Policy v2 300813 (3)
WBD_000336.000001
WBON0000466
WBON0000466
CONFIDENTIAL
Table of Content
Page
Case Progression Flow Chart 3
1 Glossary of Terms 4
2 Purpose and Statement 5
a Background 5
4 Scope 5
5 Key Activities 6
5.1 Case Raised 6
5.2 Event Log 8
5.3. Supervision of Investigation 8
5.4 Investigation 8
55 Enquiry Type 10
5.6 Interview Framework and Timescales 10
5.7 Evidence 11
5.8 Background Checks 12
5.9 Planned Order Risk Assessment 15
5.10 Interview 15
5.11 Searches 17
5.12 Notebook 18
5.13 Post Interview 18
5.14 Interview Notes 19
5.15 Statements 19
5.16 Business Failings 20
5.17 File Construction 20
5.18 File Submission 21
5.19 Summons 23
5.20 Committal 24
5.21 Case Closed 25
6 Conclusion 25
7 Compliance 26
—_
Case Raised
AA Conduct of Criminal Investigation Policy v2 300813 (3)
2
ommercial Team
WBD_000336.000002
WBON0000466
WBON0000466
CONFIDENTIAL
No Further Action
to proc
Inten
Compile
Case Preparation
Phase 1 MG Format
Further Action
rther enquiri ‘
File returned
Team Leader
Further Enquiries to be Further Action
made. File returr <>
Criminal Law Team
Team Leader informed
YES
Further Action rtwright King to produce Aisne raat
<> case to be closed.
YES
Head of Security to
authorise prosecution?
Application Enrolment Identity ]
R. King AA Conduct of Criminal Investigation Policy v2 300813 (3)
WBD_000336.000003
CONFIDENTIAL
AS Arrest Summons
ATM Automated Teller Machine
CCTV Close Circuit Television
DPA Designated Prosecution Authority
DVLA Department of Vehicle Licencing
DwP Department of Working Pensions
ECF Event Capture Form
FES Financial Evaluation Summary
Fl Financial Investigator
HP Hewlett Packard
H&S. Health and Safety
HSH Horizon System Helpdesk
NBSC Network Business Support Centre
NFSP National Federation of Sub Postmasters
NPA Non Police Authority
PACE Police and Criminal Evidence Act 1984
PAH Primary Account Holder
PEACE Planning, Engage and Explain, Account, Challenge, Evaluation
PNC Police National Computer
POCA Post Office Card Account
POL Post Office LTD
POLCT Post Office Legal and Compliance Team
PORA Planned Operation Risk Assessment
SecOps Security Operations
SPMR Sub Postmaster
TC Transaction Correction
R. King AA Conduct of Criminal Investigation Policy v2 300813 (3)
WBON0000466
WBON0000466
WBD_000336.000004
2
2.1
2.2
2.3
3
3,1
3.2
4
4.1
5
5.1
CONFIDENTIAL
Purpose and Statement
This document been prepared as part of the case file review and is intended to
support Security Managers from the commencement through to the conclusion of
the investigation. Incorporated within this document is policy, comprehensive
guidance of the process along with key points to consider at various stages of the
investigation.
Properly conducted investigations form a key part in our strategy in protecting
assets and reducing loss. If poorly managed, an investigation can lead to increased
risk of future loss and significant damage to the corporate brand. In commencing
any investigation we need to consider the impact in terms of the protection of
business assets and limiting potential liabilities weighing against the reputation of
the organisation or damage to the brand should the investigation fail.
With the stakes so high, the department must be seen, internally as well as
externally to be acting fairly, appropriately and within the law. The investigation
needs to be properly conducted to establish evidence that will support a successful
criminal prosecution.
Background
Post Office Security is almost unique in that unlike other commercial organisations
we are a non-police prosecuting agency and are therefore subjected to the Codes
of Practice and statutory requirements of the Police and Criminal Evidence Act.
There is another anomaly that sets us aside from other commercial investigators.
Of our 11,800 branches, only 370 are currently staffed by employees of the Post
Office. In the majority of cases branches are either Franchisees or Agents who
receive remuneration. As neither is deemed to be employees of the Post Office,
the usual practices and procedures of an employer employee investigation do not
apply.
Scope
The scope includes the operational conduct of criminal investigations as directed
by current prosecution policy, and extends to include any other investigative
support as required by other internal stakeholders within Post Office Ltd and law
enforcement.
Key Activities
Prior to commencing an investigation the Security Manager will have to consider
R. King AA Conduct of Criminal Investigation Policy v2 300813 (3)
WBON0000466
WBON0000466
WBD_000336.000005
CONFIDENTIAL
The seriousness of the allegation
The level of criminality
Any contractual, compliance or regulatory concerns
The potential to damage the reputation of the Post Office
The expectations of key stakeholders
5.2 Case Raised
5.2.4
5.2.5
R. King
Cases are raised from various sources, in each instance the information is passed
to the relevant operational Team Leader who will evaluate the allegation and
decide whether or not a case should be raised.
A shortage at audit will result in the completion of an Event Capture Form (ECF)
report by the lead auditor. The ECF report is then emailed through to the Post
Office Security Casework Team. On receipt of the ECF (where a suspension has
taken place), this is passed onto the relevant Team Leader who will make the
decision whether to raise a case or not. If this is an immediate open enquiry the
case will be raised before the ECF is received.
All losses where a suspension has taken place are raised this way, although the
loss is not always due to criminal activity. The Team Leader should review the
circumstances surrounding the audit shortage and assess whether an
investigation is the most suitable course of action.
The following are examples of types of audit shortages.
Cash Shortage at Audit No Explanation
Cash Shortage at Audit Comments made at audit
Cash Shortage — member of staff (Not the SPMR) suspected of criminality
Cash Shortage — Loss hidden Transfers
Cash Shortage — Loss hidden Remittances
Cash Shortage — Loss hidden Giro Suppression
Personal Cheque in Drawer
Cash Shortage in ATM
Cash Shortage in Lottery
Post Office Card Account (POCA) cases; On occasion, the Hewlett Packard (HP)
Call Centre is contacted by customers who claim they are victims of fraud. The
Post Office Card Account Primary Account Holder (PAH) may identify persons
who they suspect have defrauded them and on occasions they are staff or Agents
of the Post Office. The PAH allegation will be received through the HP Call Centre
who, working on behalf of Post Office Ltd, manage the day-to-day POCA service.
HP operators are requested to record as much detail as possible and report the
allegation to Post Office Ltd Security, Details of the complaint will be passed onto
the Team Leader. On receipt, the Team Leader should make an assessment on
the validity of the claim. Should they find no reasonable grounds to support the
claim they should return it to the Admin and Support Team within 5 working days
with ‘NO CONCERN’ annotated in the Security Comment box. In the event the
AA Conduct of Criminal Investigation Policy v2 300813 (3)
WBON0000466
WBON0000466
WBD_000336.000006
5.2.6
5.2.7
CONFIDENTIAL
case is worthy of further investigation they are to request a case number and
pass to their Team for investigation.
Cases can be raised in relation to a specific client; these can come from various
sources such as direct from the client via the Commercial Security Team, a
complaint from a customer or analysis from the Grapevine Team. In each case
the request is emailed to the Team Leader to review the details and assess
whether an investigation should take place. Post Office Ltd has a massive client
base; the following are sources from where cases are usually raised.
DVLA
Royal Mail
Dwpe
Government Services
AEI Machine
Cases also can be raised from various other sources including.
Crown Office Issues / Loss
Suspicious Transactions
Remuneration
Contracts Manager
Police Request
5.2.8 These types of enquiries are sent to the relevant Team Leader who will make the
5.2.10
5.2.11
5.2.12
5.2.13
decision whether to raise a case or not. The Team Leader informs the Casework
Team via email that a case is to be raised and which Security Manager has been
nominated to deal with the case.
The Casework team then complete the new case raised document and email this
to the security manager along with any ECF or audit reports which they have
received.
The stakeholder Notification forms part of the New Case Raised Document.
Within this document details of all stakeholders are listed.
Once a case has been raised the Stakeholder notification should be emailed to all
stakeholders, casework team and Team Leader as soon as possible. The Security
Manager should ensure that as much detailed information is included on the
stakeholder notification.
Communication with the commercial team is essential. It is important to ensure
that all stakeholder updates throughout the investigation are copied to the
commercial security team.
A copy of the stakeholder notification should be printed; this is associated in
Appendix C of the case file.
5.3 Event Log
R. King
AA Conduct of Criminal Investigation Policy v2 300813 (3)
WBON0000466
WBON0000466
WBD_000336.000007
5.3.1
5.3.2
CONFIDENTIAL
All activities undertaken during an investigation should be recorded on the event
log; this should also include reasons for any delay in the progression of a case.
The event log should be printed out and submitted with the green jacket. This
should be updated and a new event log entry inserted at each stage of the
investigation.
5.4 Supervision of Investigation
5.4.1
5.4.2
5.4.3
The decided course of action needs to be proportionate and necessary. It may, if
the circumstances warrant be more appropriate to consider other actions that
could be done that don’t necessarily lead to a criminal investigation. Examples
include pursuing a civil enquiry for breach of contract, civil debt recovery, training
review refresher, briefers, additional auditing, a caution, warning letter and or
NFSP engagement. Some of these possible outcomes may not be obviously
apparent until the subject is interviewed, although they should be built into the
process at this early stage. Close communication and co-operation with key
stakeholders is essential to ensure that a proper and considered course of action
is taken.
Proper consistent supervision is vital to ensure that cases are thoroughly
investigated and submitted in a timely manner. Team leaders with the support of
the Financial Investigators need to quality assure the investigation making sure
prior to initial submission that all available evidence has been gathered.
From the point the case is first raised Team Leaders should give due
consideration to the merits of a criminal investigation.
5.5 Investigation
5.5.4
5.5.2
R. King
It is important to consider the aims, objectives and scope of the investigation. Not
all Post Office investigations are criminal; the Security Manager may be called
upon to investigate employees under the grievance and disciplinary procedure. It
is important to determine what type of investigation is required, what time
frames are in place, available resources and what other issues may affect the
conduct of the investigation. An example may be a flag case with potential to
damage the reputation of the business where senior stakeholders have an on-
going interest in the progress of the investigation.
When a case is raised the Security Manager needs to prepare an investigation
plan which will outline the terms of reference in the way the investigation will be
conducted. Points to consider include:
Risk assessment
Duty of care
The source of the investigation
Statutory, regulatory or compliance considerations
Impact on the organisation
AA Conduct of Criminal Investigation Policy v2 300813 (3)
WBON0000466
WBON0000466
WBD_000336.000008
55.3
5.5.4
55.5
5.5.6
5.5.7
CONFIDENTIAL
© Media
© Timeframes
¢ Immediate open enquiry
In all cases stakeholder engagement is essential, updates to stakeholders should
be sent on a regular basis especially at relevant milestones such as interview, file
submission and summons served. For high profile cases such as crown office
losses updates should be more frequent and include key senior stakeholders in
the relevant directorate
For cases raised due to audit shortage, communication with the auditor on the
day of the loss or as soon after the case is raised is essential to gain an
understanding of the loss and to ensure they will send all audit documentation
(original documentation) to the Security Manager.
In all cases where a loss has been identified and a SPMR has been suspended a
case conference should be arranged with the contracts manager at the earliest
opportunity. This is essential and allows for an exchange of information and
understanding of expectations and direction the contract manager is planning in
relation to the conduct. The contract process can be found in Appendix A.
There may be occasions where criminality is suspected that a request is made
directly to a contract manager to consider suspending the SPMR. In these
circumstances the Security Manager must provide a detailed explanation
outlining the rationale supporting the request. A record must be kept of this
decision which may at some future stage have to be justified in court
proceedings.
The Security Manager has been tasked to prove or dispel the allegation. In
criminal cases where the burden of proof is beyond all reasonable doubt, it is
necessary to draw on all available evidence which is likely to substantiate the
allegation. In cases concerning the Horizon system, it is important to establish the
level of training the subject received, when this was received and action the
subject took to remedy any identified faults. A key point to cover template has
been produced to ensure that Security Managers establish these facts during the
interview process. As part of the evidence gathering process, the Security
Manager can collect evidence from various sources including:
Statements from witnesses [current, previous members of staff]
Expert witnesses
Post Office accounting and HR databases
Contract Advisor database
CCTV
Banking records
Telephone records
Interviews with suspects
Alarm Data
R. King AA Conduct of Criminal Investigation Policy v2 300813 (3)
WBON0000466
WBON0000466
WBD_000336.000009
5.5.8
55.9
5.6
5.6.1
5.6.2
5.6.3
5.6.4
5.7
5.7.1
5.7.2
5.7.3
5.7.4
CONFIDENTIAL
It is vital that all available witnesses are interviewed. If there is a good reason for
not doing so this must be recorded in the progress of investigation log.
The Security Manager must not overlook the fact that a fair investigation is there
to establish the truth as well as substantiate the allegation, so it is important that
any evidence uncovered that may support the subject’s position is also
recovered. It is important to document every action, decision and reason for
decisions being made during the course of the investigation.
Enquiry Type
Immediate Open Enquiry. Where immediate response is appropriate and few pre-
interview enquiries are needed or practicable.
Major Enquiry >£15,000 (or major customer / client / reputation impact) where
immediate response is not possible due to the requirement to perform pre-
interview enquiries / analysis.
Standard Enquiry. All other enquiries not included in the above - where
immediate response is not possible due to the requirement to perform pre-
interview enquiries.
Liaison. Any case where liaison with another investigative body conducting
enquiries into criminal activity at Post Office Ltd branches.
Interview Framework and Timescales
All significant steps in the investigation including any lengthy delays in concluding
the enquiry need to be recorded. The progress of investigation document will
eventually form part of the unused material and should be produced with the file.
The details of investigation need to be sufficiently informative although an
element of objectivity needs to be applied.
Significant points can become critical should the enquiry concern non availability
of witnesses, external stakeholders or any other influential factors which may
force undue delay.
A culture needs to be embedded where Security Managers are aware and fully
understand the importance of providing a comprehensive chronological account
of an investigation, not merely to avoid undue criticism, but also where there
could be an issue with the case at some later stage which may undermine the
likelihood of successful prosecution.
Interview Date. Person concerned should be contacted and Interview should be
arranged without delay. Timescales will depend on preparatory work that needs
to take place prior to this. Good Evidence Takes Time. In complex cases there
may be a need to conduct a preliminary [holding] interview with a more detailed
interview taking place when further enquiries have been completed.
R. King AA Conduct of Criminal Investigation Policy v2 300813 (3)
WBON0000466
WBON0000466
10
WBD_000336.000010
S75
5.7.6
5.7.7
5.7.8
5.7.9
CONFIDENTIAL
Immediate Open Enquiry. Interview on day of notification (where possible)
minimum within 48 hours and case submitted to normal report timescales (12
days).
Major Enquiry. Case to be at “person concerned” interviewed within 1 month of
case raised.
Standard Enquiry. Case to be at “person concerned” interviewed and submitted /
closure stage within 2 months of raise. Should enquiries indicate increased loss or
impact, status must be amended to Major Enquiry immediately.
Liaison. Regular contact should be maintained with the authority (Police, Royal
Mail, DWP) dealing with the case.
After the first month the Security Manager should discuss the case with their
Team Leader and a way forward agreed, this will ensure that the liaison case is
progressed.
5.8 Evidence
5.8.1
5.8.2
5.8.3
5.8.4
R. King
Good communication with the audit team is crucial to ensure evidential resilience
in relation to the continuity of exhibits. Every effort must be made to ensure that
the person finding is the person exhibiting and original documents that will form
the evidential basis of the case are retained until collection. The continuity will be
stronger if the documents seized are secured and handed over against a
signature. In circumstances where the only viable way is to send the documents
through the post they should be sent by the Auditor to the named Security
Manager by Special Delivery.
Auditors are to be encouraged to record any significant comment made in the
course of the audit either unsolicited or in response to a reasonable question to
complete the audit such as “/ have checked the money in the safe and there
appears to be a shortage, is there any money stored elsewhere that needs to be
checked?” . In the case of the unsolicited comment, the auditor should record
this i.e. “! know you will find a shortage, I borrowed the money”. However any
further question such as “why” would constitute an interview and the Auditor
must refrain from asking such questions.
In such cases, the Auditor should inform the subject that their comment will be
recorded but any further questions concerning the comment may be conducted
under caution by a Security Manager where the subject has been accorded their
rights. This should not distract from the role of the auditor and questions around
should still be asked to verify financial assets due to Post Office Ltd.
In cases where the subject wishes to make comment, the Auditor again should
record the initial comment, advise the subject as above and if they continue, note
in the record, that the person concerned was advised that they would have the
opportunity to be interviewed by a Security Manager under caution at a later
stage. THEN CONTINUE TO RECORD THE COMMENT. Again any questions even
AA Conduct of Criminal Investigation Policy v2 300813 (3)
WBON0000466
WBON0000466
11
WBD_000336.000011
5.9
5.9.1
5.92
59:3
5.9.4
5.9.5
5.9.6
CONFIDENTIAL
for clarification from the auditor would constitute an interview and could/would
render the evidence inadmissible so the Auditor must refrain from asking such
questions.
Background Checks
Local Management Checks
Contact with the contract manager is essential; they can provide the Security
Manager with a background on the individual along with providing all information
relating to the branch from their database.
Training Records. A request for the branch training history should be made to the
Network Support Admin Team email address. This will detail what training was
received for the SPMR when he was appointed to the branch, it will also show
any intervention training requested or delivered for the branch. It is the SPMR’s
responsibility to train his staff, no records for training (apart from compliance
training) is kept for SPMR assistants.
Post Office Ltd Human Resources Printout. The Sub Postmaster Printout or
employee printout should be obtained for all cases by emailing Human Recourses
using the HR Assistant Checks email address. This document can provide the
following information —
e The subject’s personal details, such as NI number, home address, bank
account(s), next of kin
e Date the SPMR was appointed
© Claims data (i.e. holiday pay) & dates the SPMR was on holiday.
© The full SPMR file can be requested by emailing ‘Contract Admin Team’
P356 Assistant List. The P356 Assistant list should be requested at the same time
as the HR Printout from the HR Assistants Check email address. This report can
provide the following information
Name, date of birth and NI number
Persons registered to access Horizon (users), at that Post Office
The Horizon user’s identities for each assistant
Whether the assistant is a permanently employed or temporary/holiday relief.
Date the person was activated to use Horizon and the date users were
removed from the Horizon system
SPMR Remuneration. The remuneration from a particular branch can be obtained
via an e-mail to HR Agent Remuneration.
Police National Computer (PNC). Post Office Ltd PNC checks can be made for
intelligence gathering purposes in respect of individuals and vehicles suspected or
known to be involved in crime against the Post Office Ltd. Examples of authorised
use are as follows:
R. King AA Conduct of Criminal Investigation Policy v2 300813 (3)
WBON0000466
WBON0000466
12
WBD_000336.000012
5.9.7
5.9.8
CONFIDENTIAL
e To assist authorised personnel with intelligence gathering around individuals
suspected/ known to be involved in committing criminal offences
e For operational Health & Safety considerations and evaluations prior to the
engagement with the person concerned as part of the operational risk
assessment
e To obtain previous conviction details of defendants and witnesses for cases
being prosecuted by Post Office Ltd
e To establish intelligence with regards to vehicles and occupants suspected to be
involved in criminal activity against the Post Office
e To identify the registered keeper of vehicles connected to the address of a
suspect/known offender involved in criminal offences against the Post Office Ltd
Do not conduct checks for the following reasons:
e Unsubstantiated allegations about an individual
e “Fishing trips”, for example blanket checking vehicles or persons such as all
vehicles in a staff car park in an effort to identify a suspect’s vehicle
e To identify ownership of a vehicle in accordance with Proceeds of Crime Act
Equifax: Security Managers can rely on Equifax to provide the following
information:
Personal details
Addresses
Court and Insolvency Information, (i.e. county court judgments)
Alert Indicators (Office of Foreign Assets Control)
Alias and all names used
Associates
Electoral data confirmation
Credit transactional activity, including the client and transactional history
Record of searches done by Equifax clients, (i.e. banks and retailers)
Property valuation
Additional addresses-linked addresses
Directors data
Commercial searches, (i.e. valuable data relating to the subject’s business)
re
Land Registry. Security Managers have access to the Land Registries in England
and Wales, Scotland and Northern Ireland. Most searches take between a few
minutes to a few days, depending on the registry. Obtaining the subject’s full
address is important. Land Registry can provide the following type of
information/data:
The owner(s), type of ownership & address
The value of property
An extract of the official Title Deed
Copy of the Title Register, Title Plan
Registered Old Deeds, including historical editions of the register and title plan
Any charge on the property, and the relevant financial institution (mortgage.)
R. King AA Conduct of Criminal Investigation Policy v2 300813 (3)
WBON0000466
WBON0000466
13
WBD_000336.000013
5.9.9
CONFIDENTIAL
Network Business Support Centre (NBSC) Call Logs. NBSC call logs can be
obtained by emailing the Branch and IT System Team at Dearne House. These
logs will detail all calls made by a branch into the NBSC. These logs can be very
useful where a SPMR or employee claim that they have reported the loss or
incident.
5.9.10 Credence; is a tool used to analyse detailed transactional data from a particular
branch. This is useful to prove details of particular transactions or events. Only
data, up to 90 days, can be extracted and analysed by Post Office Ltd Security. An
application to Fujitsu will turn the MI data into data/documentary evidence for
use in the criminal courts. Older historic data can also be obtained. Fujitsu will
only provide a witness statement relating to the authenticity of the data only, not
the specific transactions relating to your enquiry.
5.9.11 ONCH. The Cash Management team can provide Over Night Cash Holdings
5.9.12
§.9:13:
5.10
5.10.1
(ONCH) data for a specific branch. This data gives in depth cash analysis for a
branch including what denomination of notes a branch has declared on a given
date along with cash remittances in and out. A request for this data can be made
to the Retail Cash Management Team who will highlight any concerns they might
have with the branch. The same information can be requested for Foreign
Currency holdings.
Full Rota Check. A ‘full rota check’ allows for a full data search for a specific
branch relating to transaction issues. This can include any transaction corrections
(TC’s) scratch card, remittances, stock adjustments and other specific office’s
products. This check can be arranged via Post Office Ltd Security Grapevine
strand, Analyst & Support team in Chesterfield.
Alarm data. Obtaining alarm data from ROMEC can be a useful tool in
determining access to the Post Office secure area and safes. Data around
perimeter and safe set / unset times can be interrogated to assist in the
investigation.
Planned Operation Risk Assessment (PORA)
The PORA process is mandatory in any Post Office led investigation which may
involve a planned interview under caution or premises search. A PORA is required
for each subject involved in the investigation, In order to manage the risks
effectively Security Managers should conduct any risk related intelligence checks
and/or enquiries that they feel are necessary as part of the PORA process. The
following checks are available and thought to be the most relevant to Post Office
Security cases:
e Local Management check: This may also identify other information such as
health issues, including suspected drug or alcohol habits, or outside interest’s
e.g. domestic circumstances which may impact on H&S
e PNC Individual checks: This may identify “warning” indicators or previous
convictions of both suspects and others at the address. It may also identify
R. King AA Conduct of Criminal Investigation Policy v2 300813 (3)
WBON0000466
WBON0000466
14
WBD_000336.000014
5.10.2
5.10.3
CONFIDENTIAL
other information which impacts on H&S such as any history regarding the
certification (or refusal) of firearms or orders recalling persons to hospital
Full Equifax check: This check can be used to identify current occupants at an
address to be searched or visited. A “Full Investigation” Equifax check should be
undertaken
PNC Vehicle check: This can reveal registered keepers of vehicles at a specific
address
Land Registry checks: These will identify the owner of property
Local Police Intelligence check: May identify risks regarding the suspect or other
incidents or persons at the address(es) and the geographical area(s) to be
visited. It may also identify other law enforcement interest
Risk Score. Where any risk is assessed as High, a Senior Security Manager should
be consulted and the assistance of the Police sought before any investigation
activities which bring Security Managers into contact with the subject are
commenced.
Where the Planned Operation is assessed as Low or Medium risk, line manager’s
authority must be obtained before any Security Manager activities which bring
Security Managers into contact with the subject are commenced.
5.11 Interview
S.10.1
5.11.2
5.11.3
5.11.4
R. King
Where the rights of a lawyer to be present are offered to the subject who wants
their own solicitor and they are not available, consider your position in terms of
recovering evidence and not compromising the investigation. In this instance
inform the subject that as their lawyer cannot attend within a reasonable time,
arrange for the subject to be arrested and booked in at the local police station
where a solicitor from the nominated list or the duty solicitor can be offered.
Reasonable time may differ depending on the circumstances and any action
taken needs to be justified and documented. It is likely that an explanation for
this course of action will be required at court. A rule of thumb is what the
average lay person may consider reasonable given all the facts. It is important to
note that the need to gather evidence and investigate the case in a timely
manner is not unduly compromised.
Arrest by the police may be justified on the basis that there are reasonable
grounds to suspect an offence has been committed and there are reasonable
grounds for believing that the arrest is necessary. The statutory criteria for what
may constitute necessity are set out in para 2.9 of Code G PACE. Inviting the
subject to the police station to obtain legal representation may not be effective
as the person concerned is at liberty to leave at any time. The Security Manager
should direct the investigation appropriately to remain in control of the evidential
process without jeopardising the subject's legal rights. Code G of PACE is laid out
at Appendix B.
Consider maximising the opportunity to capture evidence at the earliest stage,
i.e. where there is a significant comment. In more complex cases where a more in
AA Conduct of Criminal Investigation Policy v2 300813 (3)
WBON0000466
WBON0000466
15
WBD_000336.000015
WBON0000466
WBON0000466
CONFIDENTIAL
depth interview is required hold a preliminary interview, cover off the significant
comment and hold a second interview at a later stage when more evidence is
gathered. Think of the Golden Hour of capturing the evidence. Always follow the
PEACE model [Planning, Engage and Explain, Account, clarification and challenge,
Closure, Evaluation]. Consider the ingredients of the offence; dishonestly
appropriates property belonging to another with the intention of permanently
depriving the other of it. Ensure that these are established during the interview.
Deep dive into areas where defences are likely. These can be countered by
careful planning and skilful questioning. A comprehensive guide to interviewing
using the PEACE model can be found at Appendix C.
5.11.5 One on one interviewing should be considered on a case by case basis. There is
no reason why in a straight forward investigation where there have been
admissions and risk is considered low, that a one on one tape recorded interview
should not be considered. This will free up resources and should be encouraged
wherever possible. Clearly in more complex cases, where there is a need to pre
prepare and the nature of the investigation may benefit from an interviewer with
greater subject knowledge, then the interview must be conducted by two
persons. Similarly for training and development purposes.
5.11.6 Should the recent Second Sight review be brought up by a subject or his
representative during a PACE interview the Security Manager should state: ‘/ will
listen to any personal concerns or issues that you may have had with the Horizon
system during the course of this interview ‘
5.11.7 The following three areas need to be covered in as much detail as possible at an
appropriate point during all PACE interviews, regardless of whether Horizon is
mentioned or not. Where the case clearly has no link with Horizon (e.g. theft of
mail) then you must gain authorisation from your line manager to proceed
outside of this process.
Training
¢ How long have they worked at the Post Office?
¢ Had they any previous PO experience?
¢ How long did their initial training last? (Please see guidance below and get as
much detail as possible)
What did it cover? (I.e. transactions, balancing, ATM, lottery etc.)
¢ Did they request any follow up training? (If so who with?)
e Was there a period when the accounts balanced? If so, then why did things
run smoothly then?
Support
Who did they tell that they were having problems?
e Why didn’t they request any help?
What support are they aware of (i.e. NBSC, HSH, area managers)
@ Have they contacted the NBSC for support before?
Horizon
¢ Have they contacted the HSH before?
R. King AA Conduct of Criminal Investigation Policy v2 300813 (3)
16
WBD_000336.000016
5.11.8
5.11.9
CONFIDENTIAL
If they believed that there was a fault with Horizon then who did they report it
to and when? If they didn’t report it then why not?
NBSC call logs should be requested for all cases. As should HSH call logs.
Training records for all new cases are automatically sent by casework team. For
info the current standard is:
SPMR receives 6-8 days of classroom training (this depends on the products
that their office transacts)
SPMR receives 6 days of onsite training and support including at least one
balance
SPMR receives an announced visit after one month to provide support, go
through the compliance requirements and for a cash check to be completed
SPMR receives an announced visit after 3 months for further support,
compliance questions and a cash check
SPMR receives an unannounced visit after 6 months for further support,
compliance questions and a Financial Assurance audit
5.12 Searches
5.12.1
5.12.2
§,12.3
In all cases a search of vehicle and premises should be considered. Searches are
conducted by consent and should be conducted in the spirit of PACE where
reasonable grounds to suspect there is evidence on the premises that relates to
the offence.
If the subject refuses to consent to a voluntary search the Security Managers line
manager should be contacted and if required further advice and guidance sought
from the criminal law team.
If the subject refuses to consent to a voluntary search and there are reasonable
grounds to suspect that evidence relating to the offence may be found, then
contact police with a view to arrest the subject. A search can then be conducted
by police following arrest. The Security Manager should agree this course of
action with their line manager and advice sought from the criminal law team.
5.13 Notebook
5.13.1
5.13.2
5.13.3
R. King
Notebooks are an essential element in a Security Managers toolkit. They are the
recognised and preferred way of recording evidence that is not recorded
elsewhere in a more formal document. They are numbered individually and are
issued to all Security Managers performing investigation duties.
Due to the nature of the information recorded in a notebook it can be produced,
if required by the Security Manager, in a Court of Law. It is essential that all
notebooks be completed with a degree of uniform professionalism.
General rules
AA Conduct of Criminal Investigation Policy v2 300813 (3)
WBON0000466
WBON0000466
hrs
WBD_000336.000017
CONFIDENTIAL
Make all entries in chronological order
All entries must be made in ink (black preferably)
Any errors must be crossed out with a single line, so that the original entry can
be seen and then initialled
Do not remove any pages, they are all numbered sequentially
Do not make additional entries between the ruled lines. If it is of paramount
importance that, if you make an additional entry, make it at the end of your
existing entry explaining why it is not in chronological order
Asingle line should be scored through any blank spaces or lines
All entries should be signed, timed and dated
All notes made on informal pieces of paper such as newspapers, should be
transferred to the notebook as soon as practicable. The entry should include
why it was not practical to enter the note directly into the notebook. The
Security Manager must retain the original note
5.14 Post Interview
5.14.1
5.14.2
5.14.3
5.14.4
48 Hour Offender Report: To be emailed to Team Leader, Casework Team,
Financial Investigator (if appointed) Primary Stakeholder within 48 Hours of the
interview.
FES Report: Financial Evaluation Sheet to be emailed to Financial Investigator
within 48 hours of the interview.
Write the Case Summary Report: This is to be written using example report and
guidelines that can be found on the Secops sharepoint site. The case summary
should be a succinct chronological account of the investigation highlighting key
facts. The rule of thumb is to produce an account which the reader can quickly
digest to get a general overview of the allegation. Key witnesses and a brief
outline of what they say can be included as well as a synopsis of what was said
during interview. The statements, interview record and exhibit list can be
examined should the reader require further information
Write Discipline Report. The discipline report to be written using example report
and guidelines which can also be found on the sharepoint site.
5.15 Interview Notes
5.15.1
5.15.2
R. King
In the majority of cases at initial submission, the Notes of interview need to be a
brief account of the interview and any significant comment. It is therefore good
practice to write down a note of the interview and generally what was said on
completion.
An example note could be: throughout the interview the subject stated that he
had borrowed the money to make up a shortfall and when challenged over this
accepted that it was wrong / dishonest to take the money.
AA Conduct of Criminal Investigation Policy v2 300813 (3)
WBON0000466
WBON0000466
18
WBD_000336.000018
5.15.3
5.15.4
5.15.5.
5.16 S
5.16.1
5.16.2
5.16.3
5.16.4
WBON0000466
WBON0000466
CONFIDENTIAL
No comment interviews should not be transcribed. Unless there is a very good
reason for a full transcript, in the majority of cases for the initial submission a
note of interview will suffice.
Where the prosecuting lawyers request a transcript as part of the advice process
or for preparation for committal proceedings it will be completed by the typist,
checked and sent by the Security Manager.
Where appropriate to transcribe the Audio recording of an interview the request
should be sent to the typist. An email should be sent to cathphilbin@aol.com.
The email should also be copied to the FI at Chesterfield to ensure return of the
CD.
tatements
In all instances the following standard statements should be taken and submitted
with the green jacket.
First Officer Statement
Second officer Statement
Horizon System Statement
SPMR Contract Statement
Lead Auditor Statement
In the course of an investigation other statements may need to be acquired,
these could be statements to describe a particular process such as how to carry
out a particular transaction. If the Post Office Legal and Compliance Team
(POLCT) consider that such a statement is required to progress the prosecution
they will send an advice requesting this further information.
Where statements can be taken over the telephone this should be done to save
time, resources and it must be encouraged. Statement taking over the telephone
is a modern and accepted practice.
Rather than a hand written Section 9 statement, there is no reason why a draft
statement cannot be prepared in note form. The statement can then be typed up
subsequently, with any changes, clarification or ambiguity amended. It is vital
that the original notes are retained. On typing up the statement it can be sent to
the recipient for checking and amending. Once agreed, the statement must be
signed and sent back to the Security Manager.
5.17 Business Failings
5.17.1
If business failings or procedural weaknesses are identified this should be
completed on the relevant tab of the new case raised form and emailed to all
stakeholders including Commercial Security. This should be printed off and
associated in appendix C of the file.
5.18 File Construction
R. King
AA Conduct of Criminal Investigation Policy v2 300813 (3)
19
WBD_000336.000019
CONFIDENTIAL
5.18.1 A Green Jacket should be constructed as per the following guidelines.
5.18.2 Case files will include a schedule of unused non-sensitive material and unused
sensitive material [Public Interest Immunity, Legal Privilege and documents that
may highlight the methods used for investigation] The Appendix “C” in the case
file will be retained by the Security Manager as oppose to submitted with the file.
Where solicitors may wish to examine any unused material it should be
requested and sent by the Security Manager.
5.18.3 The body of the file.
Case Raised Front Sheet
Event Log [added to as the case progresses to conclusion]
File Contents Index
Case File summary; numbered paragraph.
Index of Statements (Actual Statements in Appendix A)
Interview Summary
Index to Exhibits
Unused Material list [This negates the need to submit Appendix C and fill the file
with emails. The unused material list can be added to as the case progresses]
5.18.4 As a general rule Appendix; A = Witness Statement B = Evidence C = Other
material
5.18.5 Appendix A
e Typed Witness Statements
e Summons Documents
5.18.6 Appendix B
POLOO1
Evidence
Notebook Entry
Search Documents.
Working Tapes
PNC check results (include no trace replies)
5.18.7 Appendix C (Appendix C should be collated, but NOT be submitted with the file
when sent to Post Office Legal an Compliance Team)
Stakeholder Notification
@ HR Printout
e Assistant List
e Interview Letter
* POLOO3
e Business Failings
R. King AA Conduct of Criminal Investigation Policy v2 300813 (3)
WBON0000466
WBON0000466
20
WBD_000336.000020
CONFIDENTIAL
¢ Discipline Report
e Antecedents
e NPAOL
5.19 File Submission
§.19.1
5.19.2
5.19.3
5.19.4
5.19.5
5.19.6
5.19.7
R. King
Cases for Advice. In some instances where the Security Manager is unsure on the
strength of the evidence the case can be submitted to the POLCT for advice. The
POLCT will apply the evidential test and will advise on the next course of action
such as further statements or case to be closed.
On completion of the file, it will be submitted to the Team Leader for checking,
signing off and forwarded to the POLCT via registration. Should further
investigation be deemed necessary at this stage, the file will be returned to the
Security Manager. Where a request is made from POLCT for further enquiries, the
team leader will be copied into the relevant email. It is imperative that the
progress of enquiry document is comprehensively kept up to date and copies of
any generated emails saved. These can be inserted into the file in appendix C
when the enquiries are complete.
Should advice be sought from Cartwright King solicitors, the Team Leader and
POLCT will be copied into any requests for further evidence. The details of
investigation log must be maintained and copies of emails retained. On
completion of the enquiry, the green docket case file will be sent to the Security
Manager for copies of any emails to be inserted along with the progress of
investigation log prior to final submission to Head of Security via the Team
Leader.
Each case file should the follow the stated process:
Security Manager > Team Leader > Post Office Legal and Compliance Team >
Cartwright King > Head Of Security > Team Leader > Security Manager
Security Manager > Team Leader
Once the file is ready for submission the Security Manager should send the
green jacket to their Team Leader for review. The Team Leader should sense
check the case file and ensure it is evidentially robust and properly constructed.
The Security Manager should send electronic copies of the case summary
report, audio transcripts and discipline report to Post Office Security.
Team Leader > Post Office Legal and Compliance Team
The Team Leader will then forward the file to the POLCT. The file will be
reviewed by the POLCT and a decision made whether further progression be
made with the case. If the decision is No Further Action the file is returned to
casework at that point. If the POLCT decides that further enquiries are required
this will be forwarded to the Security Manager including Casework and the
Team Leader.
AA Conduct of Criminal Investigation Policy v2 300813 (3)
WBON0000466
WBON0000466
21
WBD_000336.000021
CONFIDENTIAL
5.19.8 Post Office Legal and Compliance Team > Cartwright King
If the decision is to proceed with the prosecution case the file is the forwarded
to Cartwright King for advice on charges. (In some instances POLCT will put
charges together).
5.19.9 Cartwright King > Post Office Legal and Compliance Team
Cartwright King will prepare advice and charges for the case (or advise no
further action). If further enquiries are required they will contact the Security
Manager direct, copying in the team leader and send an advice detailing the
further enquiries. The advice along with charges and case file is then sent back
to casework.
5.19.10 Post Office Legal and Compliance Team > Head Of Security
The file is then forwarded to the designated prosecution authority (DPA) for
authority to proceed. The DPA will review the case file and decide whether to
proceed with the advice from the POLCT and Cartwright King or whether to take
a different course of action. The authority to proceed (or other instruction) will
be inserted into the case file.
5.19.11 Head Of Security > Team Leader
The file is the forwarded back to the casework team.
5.19.12 Team Leader > Security Manager.
The file is returned with advice and charges submitted in the case file for the
Security Manager to proceed.
5.20 Summons
5.20.1 If advice from Cartwright King or the POLCT is to prosecute and the Head of
Security has given authority to proceed, then the Security Manager needs to
obtain a summons.
5.20.2 The Security Manager will make contact with the relevant Magistrates’ Court to
set a date for the suspect's first appearance at court. Summonses are also
applied for. Upon receipt of the summonses the Security Manager will serve the
summonses by way of posting them to the Person Concerned using the Royal
Mail Special Delivery service.
5.20.3 Set a Court Date
e Contact the Magistrates court where the offence took place and confirm that
court deals with the matter and the address where the summons are to be sent
for signature
R. King AA Conduct of Criminal Investigation Policy v2 300813 (3)
WBON0000466
WBON0000466
22
WBD_000336.000022
WBON0000466
WBON0000466
CONFIDENTIAL
¢ Contact listings and inform them you are a private prosecution — (certain courts
have set days for non-police prosecutions)
e Obtain a date normally six weeks from date of request but no more than 8
weeks
5.20.4 Acquiring Arrest Summons (AS) Number
e Update the front of the NPAO1 with the date of the court hearing and the
details of the court
© Complete the offence and the method used in offence section on the front of
the NPAQ1
e Email the updated NPAO1 to the casework team. The casework team will apply
to the relevant police force for an AS Number which is required for the court to
sign the summons. The AS number will be emailed back to the Security Manager
within a few days of the submission of the NPAO1 (different police forces work
to different timescales to times will vary)
5.20.5 Applying for the summons.
e Prepare three copies of the summons
© Prepare one information sheet
e Send to the court for signature with covering letter — all three copies of the
summons should be signed and returned
© Court will retain the information sheet
e Inform the agents Solicitors appointed by POLCT of the time and date of the
court appearance
5.20.6 On receipt of the summons
e Take a photocopy of the defendant’s copy of the summons
e Send the original copy of the defendants summons together with a POLO44
(Charge or summons notice) and a copy of the means form
e Summons can be either served personally or via Royal Mail Special Delivery to
the person concerned
5.20.7 Once conformation has been obtained that the summons has been received
POLCT and Cartwright King must be informed. The back of the defendants
photocopied summons should be endorsed with the following:
I certify that today, (date), I personally served a copy of the summons upon
(Name), the defendant named overleaf.
Or
I certify that a copy of the summons overleaf has been served upon (Name), the
defendant named overleaf. The summons was sent via Royal Mail Special Delivery
(number) and was delivered (date and time).
R. King AA Conduct of Criminal Investigation Policy v2 300813 (3)
23
WBD_000336.000023
5.20.8
5.20.9
CONFIDENTIAL
Prepare and send to POLCT a covering letter confirming the summons has been
served, together with a copy of the POLO33 and any TIC’s by post. Update the
front of the NPA form with the summons was applied for and the date the
summons was served. Complete the offence and the method used in offence on
the front of the NPAO1.
Email Casework team and POLCT the confirmation of service letter together with
the NPAO1. If the case is a Fl case then the FI should be copied into the email.
Copies of the summons go in Appendix A of the file.
5.21 Committal
Committal Checklist
POLOO6B Self Disclosure
POLOO6c Schedule of non-sensitive unused material
Sensitive Material
Continued Disclosure Report
Witness List
Witness Address
Witness Non Availability
List Of Exhibits
Memo to POLCT
5.22 CASE CLOSURE
5.22.1
§.22.2
5.22.3
R. King
On completion of the investigation, it is vital that a review of the root cause of
the investigation is undertaken by the Security Manager. It is important to
ascertain whether any system processes, integrity of the financial commercial
product, technical issues, training delivered or procedures may have provided an
opportunity to commit the offence. Equally important, the vulnerability of the
product or process in its current form and likelihood of similar offences being
committed in the future needs to be considered. A comprehensive report
outlining the cause of the offence will be submitted to Commercial Security at the
conclusion of each investigation
As part of the Post Office retention policy, case files must be archived and
retained for at least 7 years.
Case closed Notification.
In all cases where a decision is taken to close a case it must be authorised by the
Security Managers Team Leader
The Case Closed notification should be completed and emailed to the Security
Managers Team Leader, Post office Security all major stakeholders and the
Commercial Security team
As much detail as possible should be included in the case closed notification
explaining the decision for the course of action taken
AA Conduct of Criminal Investigation Policy v2 300813 (3)
WBON0000466
WBON0000466
24
WBD_000336.000024
6
6.1
7
a1
CONFIDENTIAL
e Insome instances a case will be closed with no green jacket, this could be a case
where the matter was dealt with under conduct and no criminality identified. If
there is no green jacket this should be highlighted on the case close notification
and also annotated at the top of the email to Post office Security
Conclusion
One of the key programmes of the Security Operations strategic plan for 2013 has
been the case file review. Separation from Royal Mail Group has presented
opportunities to shed outmoded investigation practices and tailor processes that
not only meet the current needs of the business, but challenges us as a team to
work smarter, and deliver a professional, comprehensive and fair investigation in a
timely manner. With the advent of the Second Sight interim report it is likely that
scrutiny will continue to focus on the fairness, evidential quality and professional
standard of criminal investigations. Completion of the investigation review, which
serves as a guide to Security Managers in the conduct of their investigations is a
timely document which embodies the ethos of Care, Challenge and Commit.
Compliance
Post Office Security Operations Management will regularly assess for compliance
against this policy. Any violation of this policy will be investigated and if the cause is
found to be due to wilful disregard or negligence, it will be treated as a disciplinary
offence. All disciplinary proceedings are coordinated through the Human
Resources Department.
R. King AA Conduct of Criminal Investigation Policy v2 300813 (3)
WBON0000466
WBON0000466
25
WBD_000336.000025