WITN08340100
WITN08340100
Witness Name: David Posnett
Statement No.: WITN08340100
Dated: 4 October 2023
POST OFFICE HORIZON IT INQUIRY
FIRST WITNESS STATEMENT OF DAVID POSNETT
1, David Posnett, will say as follows:
Introduction
1. This witness statement is made to assist the Post Office Horizon IT Inquiry (the
“Inquiry”) with the matters set out in the Rule 9 Request dated 19.5.23 (the
“Request’) and the Supplementary Rule 9 Request dated 16.8.23 (the
"Supplementary Request"). I have received advice and assistance from a lawyer
in the preparation of this statement.
My professional background
2. I ama former employee of Post Office Ltd (“POL”) and worked in a number of
roles between 1986 and 2017. I have listed those roles below, to the best of my
recollection. While I have been able to recall the approximate years my service in
these roles covered, I have not been able to recall the exact dates I worked in
these roles.
Page 1 of 48
WITN08340100
WITN08340100
3. I originally started working for POL in 1986 as a counter clerk, starting at
Chessington before moving to Tooting. I also worked as a "reserve", filling in at
other branches. The role of a counter clerk included serving customers with
products and services offered by POL. My role also included balancing tills and
completing daily accounts and weekly cash accounts for the branches I worked
in.
4. I worked as a counter clerk until 1995 when I obtained a new role as an auditor. I
was based in Guildford, and the area I covered was broadly in the south of
England. This role involved conducting compliance checks and cash and stock
verifications at Post Office branches, including programmed checks, audits
following burglaries and robberies, and new subpostmaster appointments. I
worked as an auditor until 1999.
5. Between 1999 and 2000 I worked as a Joint Business Testing Analyst, which
involved working within ICL Pathway. My role was to follow scripts in testing the
Horizon computer system prior to its roll out across Post Office branches.
6. Between 2000 and 2004 I worked as an Investigation Manager. I was based at
Twickenham and then at Woking. In this role I conducted enquiries into cases
assigned to me and assisted with cases assigned to colleagues, including
criminal investigations. These cases covered a range of issues, including for
example incidents of Giro suppression, cash losses in Crown Post Offices,
Pension Allowance fraud and overclaims. This work involved conducting
interviews, searches, obtaining witness statements, gathering evidence,
committal preparation and attendance at court.
Page 2 of 48
WITN08340100
WITN08340100
In 2004 I was promoted to the role of Investigation Team Manager. I was based
at Woking, and then moved to Leatherhead when the Woking office closed. I
managed a team of Investigation Managers, and was responsible for assigning
cases, monitoring progress, providing assistance and conducting 1-2-1s, team
meetings and development reviews. I worked in this role until 2007.
Between 2007 and 2008 I worked as a Casework Manager. I was based in
Croydon. In this role I managed the Casework Team, which included Assistant
Managers and support staff. My duties included contributing to a monthly
performance pack, acting as single point of contact for law enforcement agencies
and stakeholders such as DVLA. I was also the point of contact between POL
and Fujitsu in relation to Audit Record Queries ("ARQs"). Monthly performance
packs contained information about the number of cases opened and closed in the
month, the number of prosecutions commenced; and sums of money recovered.
Between 2008 and 2010 I worked as a Fraud Risk Manager. I was based at
Leatherhead. In this role I was responsible for designing, developing, deploying
and assisting with fraud risk programmes, with the aim of addressing specific
areas of risk e.g. Crown Office losses, overnight cash holdings, lottery scratch
cards and rejected postage labels.
Between 2010 and 2014 I worked as an Accredited Financial Investigator. I was
accredited by the National Policing Improvement Agency. I was accredited to
undertake financial investigations. My role was to use the powers conferred by
the Proceeds of Crime Act 2002 to recover losses in cases which were
prosecuted. This included making applications for Production Orders, Restraint
Orders and Confiscation Orders.
Page 3 of 48
11.
12.
13.
14.
WITN08340100
WITN08340100
Between 2014 and 2015 I worked as a Security/Investigation Team Leader and
Accredited Financial Investigator. This position combined a number of previous
roles but also had an additional security element, following the merging of the two
disciplines. The security element of the role was broadly concerned with ensuring
that security procedures were followed. For example, I undertook what were
called “torch visits” to branches, so called because they involved ‘shining a light’
on how branches were following security procedures.
Lastly, between 2015 and 2017 I worked as a Branch Standards Field Manager.
My responsibilities included undertaking compliance checks at branches to
ensure they were having the right conversations with customers to maximise
sales; also to check that the clerks were asking the correct questions with regard
to whether packages contained prohibited and restricted items.
The Request asked me specifically about the role of "Security Programme
Manager". As can be seen from my career history, I have never held a position
called "Security Programme Manager" as such. My recollection is that the term
"Security Programme Manager" applied to a particular grade (CM1), and
encompassed the roles I had between 2004 (when I started as an Investigation
Team Manager) and 2015 (the Security/Investigation Team Leader and
Accredited Financial Investigator role). In this statement I have used the actual
job titles for the positions I held.
I became an Investigation Manager (a role at CM2 grade) following attendance
at a selection board, which involved undergoing assessments, interviews and
practical exercises. 'On the job' training was provided by more experienced
colleagues. Training was also provided by the Royal Mail Investigation Training
Page 4 of 48
15.
16.
17.
18.
19.
WITN08340100
WITN08340100
Team, on areas which provided a grounding for Investigation Managers (e.g.
interviewing, taking witness statements, notebooks, etc).
I was appointed to the role of Investigation Team Manager (the first role I held at
CM1 grade) following an interview.
In the positions I was subsequently appointed to, I recall that I received 'on the
job’ training from the previous incumbent(s), except for the Fraud Risk Manager
role which was, as I recall, a newly created position.
The only further officially necessary training occurred when I became an
Accredited Financial Investigator. Obtaining accredited status required me to
follow a course of study and undergo assessment by examination. Maintaining
my accreditation meant that I had to undertake continuous development and
demonstrate the use of powers available to a financial investigator.
I was line managed by numerous people throughout my employment with POL. I
can recall that during the period I worked in roles described as "Security Programme
Manager" my managers included Brian Sharkey ( Investigation Team Manager),
Paul Fielding (Security and Investigation Team Manager), Paul Dawkins
(Investigation Team Manager) and Manish Patel, Trevor Lockey, Dave Pardoe,
John Bigley, Andy Hayward and Rob King (all Senior Investigation Managers).
Looking back, I do not recall any reason to question their competence or
professionalism.
The Request asked me to address any role I had in relation to disciplinary matters;
interviewing people accused of criminal offences; disclosure in criminal or civil
proceedings; case strategy and liaising with other POL departments about how
cases were progressing.
Page 5 of 48
WITN08340100
WITN08340100
20. My role in relation to direct disciplinary matters was limited to those staff who I
line-managed, but I do not remember having to deal with any disciplinary matters.
In my role as an Investigation Manager, I was involved in interviewing those
suspected of committing criminal offences and disclosing material in criminal
proceedings. I was not involved in litigation case strategy but did liaise with other
POL teams in respect of progress of cases (e.g. the Criminal Law Team and the
Late Account Team).
The Security team’s role in relation to criminal investigations and prosecutions
21. Paragraph 4 of the Request drew my attention to a series of documents, and I
was asked to explain the organisational structure of the Security Team, its
functions and any changes which occurred during the time I worked within it.
22. The Security Team structure changed throughout my period of employment.
Before or around 2000 there was a move away from a central corporate
investigation function (the Post Office Investigation Department, which became
the Security and Investigation Service). This function ceased and Investigation
Teams were embedded in each business unit within the Royal Mail Group (POL,
Royal Mail Letters and Parcelforce).
23. In the mid to late 2000s, POL security and investigations functions were merged
into one Security Operations Team. The investigation services and support
provided by Royal Mail Group were still available and utilised by the POL's
Investigation Team for a number of years following the move away from a central
corporate investigation function.
24. There were five teams within the Security Team: Security Operations (which
included the investigations element), Physical Security (responsible for security
Page 6 of 48
WITN08340100
WITN08340100
equipment, policies, etc), Commercial Security (responsible for stakeholder
engagement and input from conception to roll out of new products or services),
IT Security (responsible for security associated with technology, information
security and systems) and Security Admin (responsible for administration duties
associated with the wider Security Team).
25. I do not recall being significantly involved in the development or management of
policies, which were drafted by Royal Mail Group. I cannot remember whether
POL had sight of these as the years progressed. I do recall that the POL
Investigation Team also introduced their own policies, issued by the Casework
Team, in areas which were specific to them.
Guidance provided to the Security Team on the conduct of investigations
26. In addition to internal policies, the Investigation Team was also required to adhere
to legislation, which included the Police and Criminal Evidence Act 1984,
Regulation of Investigatory Powers Act 2000, Criminal Procedure and
Investigations Act 1996, Data Protection Act 1998, Human Rights Act 1998 and
Proceeds of Crime Act 2002. Policies and legislation change but I do not recall
changes of any significance, other than the introduction of new legislation e.g.
Fraud Act 2006.
27. The Request asked me to consider the document at POL00105190 ("Separation
Project — Criminal Investigations Policy for Post Office Ltd") and to describe my
involvement in the development of investigation policies after POL separated from
the Royal Mail Group. I do not remember this document or most of the activities
detailed within it. I do recall that a Memorandum of Understanding (MOU) with
Royal Mail, referred to on page 1 of the document, was developed in
Page 7 of 48
28.
29.
30.
WITN08340100
WITN08340100
order to outline roles and responsibilities of investigation staff where a joint
operation was required. Before separation, I recall obtaining policies and forms in
the lead up to Royal Mail separation. After separation, I recall that I sense-
checked and provided feedback on policy related documents when asked, though
I cannot recall specific examples.
The way investigations were conducted did not change following separation. The
same policies and legislation applied and the structure and personnel within the
team remained. As a result of separation, one Senior Lawyer from the Criminal Law
Team transferred to POL and access to services provided by Royal Mail Group
were no longer available, for example the Training & Development Team, Policies
& Procedures Team, Forensics Team, etc.
The Supplementary Request drew my attention to a series of documents which
related to and supported compliance checks which were to be carried out in 2011
and into 2012/13, but I don’t recall that these checks were undertaken. On
reviewing the email I sent to a number of recipients on 23.5.11 (POL00118096),
it appears that case files which were submitted to POL's lawyers to obtain legal
advice were to be subjected to compliance checks with a view to raising standards
in how files were presented, and to achieve a degree of consistency.
My email of 23.5.11 refers to some "relevant documents" which I believe must
have been attached to the email. I am asked specifically about versions of a
document headed "Casework Management" which were produced in 2000 and
2002 (POL00104747 (version 1.0, March 2000) and POL00104777 (version 4.0,
October 2002) and whether I was provided with either of these versions. I have no
recollection of this document, in the form of either of the two versions referred
Page 8 of 48
31.
32.
33.
34.
WITN08340100
WITN08340100
to, and am unable to say if I was provided copies of them.
The Supplementary Request also asked me what I understood by the
instructions/guidance contained within the documents about investigations and the
role of POL Legal Services. It has been some time since I would have had to
consider this guidance, but I believe I would have taken the guidance in both
versions to mean that Legal Services was responsible for deciding if information
should be disclosed in compliance with the Criminal Procedure and Investigations
Act 1996, and that a failure to follow security or operational procedures would
ultimately have to be reported to Legal Services.
The Supplementary Request also asked me what I considered to be the status of
the compliance documents contained in the Zip folder which I circulated. My
recollection is that I considered them to have been produced some time before I
circulated them (but I don’t recall now how long before I circulated them they might
have been produced). I don't now recall how I came to have these documents.
The Supplementary Request also asked me about any role I had in in the
development, management or amendment of the compliance documents. I don’t
recall having had any involvement in developing the documents, or any
amendments being made to them. As I say, my recollection at the time I circulated
them was that I understood them to have been introduced some time previously,
and that I was circulating them to other people for their information.
The Supplementary Request also asked me about the document entitled “Guide
to the Preparation and Layout of Investigation Red Label Case Files — Offender
reports & Discipline reports” (POL00118101), and my understanding of
Page 9 of 48
35.
36.
37.
WITN08340100
WITN08340100
paragraph 2.15 relating to details of failures in security, supervision, procedures
and product integrity and its relevance to Post Office’s disclosure obligations
(especially as these related to issues with Horizon). I cannot recall now what I
might have thought about the meaning of this section of the document, or its
relevance to disclosure obligations.
The Supplementary Request also asked me if I was involved in drafting the
document entitled "Identification Codes" (at POL00118104, POL00118128 and
POL00118131) and if I reviewed the document before I circulated it. I do not recall
having had any involvement in the preparation of this document; as I say, my
recollection is that I was circulating documents which had been produced
previously. I don’t recall that I reviewed the document before circulating it and I
don’t recall receiving any responses, comments or feedback from any of the
recipients to whom it was sent.
The Supplementary Request also asked why investigators were asked to assign
these identification codes. I cannot now be certain, but I believe that the
identification codes were used because we were required to complete a form called
an NPA1 ("NPA" stands for "Non-policing Agency"). The form had to be completed
if suspected offenders pleaded guilty or were found guilty. I think these forms had
to be submitted to the police so that they could record the details of offenders on
their systems.
The Request asked me to explain the process for dealing with complaints about the
conduct of an investigation by the Security team. I do not recollect the process for
dealing with such complaints, but I note from document POL00104806 ("Royal Mail
Group Security — Procedures & Standards — Standards of Behaviour and
Page 10 of 48
38.
39.
40.
WITN08340100
WITN08340100
Complaints Procedure", dated October 2007) that such complaints should be
referred to the Head of Investigations or the Complaint Manager for an initial
assessment and a decision on which procedure should be followed. I recall that I
was given the task once of assessing an investigation complaint. As I recall, a
complaint had been made by a defence solicitor about the conduct of an
Investigation Manager, and how they had conducted an interview.
The Request also asked me to explain what supervision there was, if any, of
criminal investigations carried out by Security Managers. "Security Manager" is
the term used in the Conduct of Criminal Investigation Policy at POL00031005,
which was developed in 2013 and has a section dealing with supervision of
investigations. I was an Accredited Financial Investigator by this point, so can
only speak from my experience as an Investigation Manager performing the
equivalent role. Investigation Managers were supervised by Investigation Team
Managers. Supervision of criminal investigations was led by the Criminal Law
Team, through continued liaison with the Investigation Manager. All investigations
during my last year within the Security Team were discussed and assessed at
regular meetings with the Head of Security and Senior Security Managers.
The Request also asked me to explain any differences in policy and practice in
the investigation and prosecution of Crown Office employees as compared to
subpostmasters and their managers and support staff. I am not aware that there
was any difference in policy or practice.
The Supplementary Request drew my attention to a "Project Initiation Document"
(POL00120165) referring to a project called “Product X Fraud Reduction”. I have
reviewed the document but I have no recollection of having seen the Project
Page 11 of 48
WITN08340100
WITN08340100
Initiation Document, or any recollection of the project it describes or any other
action taken in response to this. I am mentioned as being the "Project Manager" on
page 5, but cannot recall ever acting in such a role. I have no recollection of the
author, David Jones (who is also described as "Project Manager" on the front
page). The document also has conflicting information about who the Project
Sponsor is; lain Murphy is mentioned on the front page but Andy Hayward is
mentioned on page 5 of the document as being the "Project Sponsor". I don’t know
what "Product X" is a reference to either. I wonder if the Project Initiation Document
was a draft or "work in progress".
41. lalso have no recollection of the document titled "Post Office Security Programme
Plan Template" at POL00120166. This relates to a project called "HNGX", which
I think is a reference to "Horizon Next Generation". This document describes me
as the "Project Manager" and it appears that I am assigned some actions. Other
actions are assigned to Lester Chine, who I recall was, like me, also a Fraud Risk
Manager. Although I cannot recall the details of the project, it seems possible that
I was involved in its early stages, and that later actions became the responsibility
of Lester Chine.
Audit and investigation
42. The Request asked me to consider the document at POL00084813 ("Condensed
Guide for Audit Attendance") and explain the circumstances in which an
investigator would attend an audit of a branch and their role. An Investigator would
attend an audit of a branch if a shortage had been reported and they were asked
to attend the branch. Their role was to establish the facts from the Audit Team and
determine what course of action was required e.g. fact-finding interviews or
Page 12 of 48
43.
44.
45.
WITN08340100
WITN08340100
interviews under caution. They would also attend if they were leading on an
investigation and requested an audit for the day on which they intended to
conclude the operational elements of their investigation.
The Request asked me to explain how decisions were made about whether
shortfalls identified at audit would be investigated as criminal matters or as debt
recovery matters. My recollection is that each case was decided on its own merits,
and the decision was informed by a number of factors, including the amount of the
shortfall, and the current resource and workloads within the teams. The
Investigation Team Manager or a senior manager within the Investigation Team
would usually ask the Investigator to attend the branch. If an Investigation Team
Manager or senior manager was not contactable, then Investigators could also be
contacted directly by the audit team. The Investigator determined whether there
was potential criminality. Debt recovery matters were generally dealt with by the
Financial Services Centre (Late Account Team). This did not change during the
period I worked within the Security Team.
The Request also asked about the role of Contract Managers. Contract Managers
dealt with the contractual matters concerning the branch and a subpostmaster.
Contract Managers and/or Retail Line Managers may have requested an
investigation in certain circumstances, but did not get involved in the specifics of the
investigation. I am not aware this changed during the period I worked within the
Security Team.
The Request also asked me to describe the "triggers / criteria" for raising a fraud
case if a discrepancy was found on audit. There was, I recall, a document which
contained a flowchart describing what I knew as "Triggers & Timescales", but I do
Page 13 of 48
WITN08340100
WITN08340100
not recall the amounts or criteria contained within it. I do recall that the "Triggers
& Timescales" may have changed (in terms of the amounts of money which would
trigger a fraud case) due to workloads, team shrinkage, etc and that they were
not rigidly adhered to. I have noted that document POL00031005 ("Conduct of
Criminal Investigations Policy", version 0.2 dated August 2013) has a section (at
5.6) headed "Enquiry Type". This resembles the approach which went by the
name "Triggers & Timescales" which I refer to above.
Process followed by Investigators when conducting a criminal investigation
following a shortfall at an audit
46. The Request asked me to describe the process followed by Security Team
Investigators when conducting initial investigations. My recollection is that
investigators obtained all information about an audit shortage from the Auditors
who conducted the audit. The Investigator then determined what course of action
was appropriate. Their decision-making should also have factored in the most up
to date rules, standards, procedures or policy in force at the time.
Decisions about prosecution and criminal enforcement proceedings
47. The Request asked me to explain who was responsible for making decisions
about whether to bring a prosecution. Following an investigation, the Criminal Law
Team advised on whether a prosecution was viable. I do recall their advice began
with an assessment of the prospects, using phrases such as "there is a low (or
medium or high) prospect of success", which was followed by their reasons. The
Head of Investigations also provided a view on pursuing a prosecution and the
Prosecution Authority made the decision based on the information and advice
available. The Prosecution Authority was a senior member of staff within POL,
who was not part of the Security & Investigation team.
Page 14 of 48
48.
49.
50.
51.
WITN08340100
WITN08340100
The Request also asked me if, when a branch was run by a subpostmaster, the
local Contract Manager had any input into the prosecution decision-making
process. My recollection is that they did not, and that this was the position
throughout my time in the Security Team.
The Request also asked me what test was applied by those making prosecution
and charging decisions and what factors were considered at the evidential and
the public interest stage. I was not aware of the tests applied by those making
prosecution and charging decisions, although I recall that decisions and
commentary around them were placed in case files. These were matters, as I
recall, for POL's lawyers and those authorised to make these decisions. It would
not have been a matter for an individual investigator.
The Request also asked me to explain what legal advice was provided to those
making prosecution and charging decisions. I am not aware of what advice was
provided to decision-makers, so am unable to answer this question.
The Request also asked me to explain the circumstances in which steps were
taken to restrain a suspect's assets. The restraint of a suspect's assets was
considered when a financial investigation had been instigated in conjunction with a
criminal investigation, and there was a belief that assets could be dissipated. An
Investigator completed a "Financial Evaluation Sheet" (FES) which included a view
on whether they believed there was a risk that assets could be dissipated, the
Accredited Financial Investigator completed a Restraint Order application, the
Senior Authorising Officer signed off the application, and the appointed Senior
Criminal Lawyer was also informed.
Page 15 of 48
WITN08340100
WITN08340100
52. The Criminal Law Team and Accredited Financial Investigators determined
whether confiscation proceedings should be pursued. An individual would have
had to have been convicted, and consideration would have to be given to whether
they had benefitted from criminal conduct. The prosecution informed the court if
they wished to pursue confiscation.
Training, instructions and quidance to Investigators
53. The Request asked me to explain what guidance and/or training was given to
Investigators in the Security team in relation to a range of different tasks. Training
on interviewing, taking witness statements, conducting searches, evidence
gathering, disclosure and reporting was delivered in various ways. Some was
delivered by the Royal Mail Group Training and Development Team, some was
delivered by the Criminal Law Team and other training was delivered in-house by
experienced colleagues. My recollection of the training available was that it was
adequate. Policies and processes were also available on a shared electronic
platform, and hard copies were also in circulation. Changes to policies and
procedures were also circulated.
Analysing Horizon data, requesting ARQ data from Fujitsu and relationship with
Fujitsu
54. The Request asked me to describe what analysis was done by Security team
investigators of Horizon data when a shortfall was attributed to problems with
Horizon. I do not recall what analysis was done by Investigators of Horizon data if
or when a shortfall was attributed to problems with Horizon. I do recall from my own
investigations using Horizon data that it was used, for example, to demonstrate a
number of erroneous or suspicious transactions being entered one after the other,
before a branch was open for business. I also recall one of my investigations where,
Page 16 of 48
WITN08340100
WITN08340100
in branch, I obtained event logs which showed declarations of cash with an
associated shortage, followed by almost immediate increased declarations of
cash to show a balance.
Audit data from Horizon to support investigation, prosecution and/or other legal
proceedings
55. The Request asked me to describe the process for requesting Horizon data, and
the Supplementary Request asked me to include in my account a description of
the contractual requirements on Fujitsu as I understood them and the limits on the
number of ARQ requests that could be made, and whether there were any
changes between the Legacy Horizon and Horizon Online systems. I am also
asked to give an account of my role in obtaining ARQ data; who was responsible
on Fujitsu's side for providing ARQ data and an account of any other prosecution
support Fujitsu was obliged to provide.
56. As far as I can recall, the process for requesting Horizon data involved an
Investigator emailing a request to the Casework Team. The Casework Team
completed an ARQ form and emailed it to Fujitsu. I’m not aware that this process
changed over the time I worked for POL.
57. My recollection is that Fujitsu were obliged to provide a quota of Horizon logs
(mainly transaction logs and event logs) per month and per year to the Security
Team. Though I can’t remember precisely, I believe they were also obliged to
provide banking and possibly other data. The Supplementary Request drew my
attention to a series of documents called "Security Management Service: Service
Description” (FUJ00002033, FUJ00080107, FUJ00002264, FUJ00088868,
FUJ00002555, POL00002572 and POL00002666) dating from 2006. Each version
Page 17 of 48
58.
59.
60.
WITN08340100
WITN08340100
of the document deals at section 2.4 with "Service Limits and Volumetrics" and
this gives the figure of 720 ARQ requests per year. I have some recollection that,
to begin with, the figure was lower and it increased to 720, but I can't remember
when that change came about.
My recollection is that any requests over and above the amount that Fujitsu were
obliged to provide had to be paid for. Looking at the document at FUJ00152212
("Management of the Litigation Support Service” dated 27.10.09), paragraph 7.1
says that ARQ requests beyond that specified under contract would be agreed on
a "case by case basis". I don’t now recall exactly the process which had to be
followed, but having looked at another document at POL00052222 (some emails
exchanged in June — August 2009 relating to the prosecution of Seema Misra) it
would appear that I asked Penny Thomas, Security Analyst at Fujitsu, for an
estimate of the cost. This correspondence also indicates that a "formal quote"
could then be obtained. So I think there was a practice of obtaining an initial
estimate of the cost from Fujitsu, which might then lead to a request for a formal
estimate.
I do not recall what, if any, changes to Fujitsu's obligations arose as the Horizon
system evolved from Legacy Horizon to Horizon Next Generation and to Horizon
Online. As far as I was aware at the time, they were just updated versions of the
Horizon system which were rolled out over time.
As I mentioned elsewhere, between 2007 and 2008 I worked as a Casework
Manager managing the Casework Team and one of my roles was to act as the
point of contact between POL and Fujitsu in relation to ARQs. The Casework
Team would receive email requests for Horizon data from Security Managers. I
Page 18 of 48
61.
62.
63.
64.
65.
WITN08340100
WITN08340100
or another member of the Casework Team would complete the ARQ form using
the information provided by the Security Manager and forward the request to
Fujitsu.
A member of the Casework Team was able to authorise requests which were
within the limits specified in the contract and these were simply actioned. I don’t
recall there being a specific authorisation decision for these requests, as such.
I don’t know who was responsible at Fujitsu for providing the data as such, but
the people at Fujitsu I recall having contact with were Penny Thomas, Security
Analyst, and, for a brief period when I was Casework Manager, Pete Sewell.
When data was provided, it was sent in Excel format on discs.
In addition to providing ARQ data, Fujitsu staff were also required to make witness
statements in prosecution proceedings, and they were also required to attend court
and give evidence when the need arose. I don’t recall that there were any quotas or
limits on the provision of this support; looking at the document at FUJ00152212
("Management of the Litigation Support Service” dated 27.10.09), paragraphs 7.2
and 7.3 deal with expert witness statements (such support being provided on a
"case by case basis") and court attendance.
My recollection is that Fujitsu staff called on to provide a witness statement would
exhibit Horizon logs obtained in a particular case and give their view as to whether
the system in the relevant branch was operating correctly.
I cannot now recall whether ARQ data was requested as a matter of course if or
when a shortfall was attributed to problems with Horizon, or whether ARQ data
held by an Investigator was routinely provided to a subpostmaster. I don't recall
this issue having arisen in the period in which I was working as an Investigator.
Page 19 of 48
WITN08340100
WITN08340100
Relationship with Fujitsu
66. The Request also asked me to describe the circumstances in which I would have
contact with Fujitsu staff and my relationship with them. As I mentioned above, my
recollection of Fujitsu staff included Pete Sewell and Penny Thomas, who were the
liaison contacts with the Investigation Team. For a short period of time I was the
Casework Manager and maintained the Investigation Team relationship with them.
My recollection is that there were 'catch-up' meetings scheduled every two to three
months, where we could discuss the numbers of ARQ requests made, witness
statements provided and so on. As I have mentioned elsewhere, my recollection is
that I was only a Casework Manager for a few months however. As far as I can
recall, Penny Thomas was helpful and pleasant to deal with.
67. The Supplementary Request drew my attention to a document at FUJ00156122
(which I understand contains the document with the reference FUJ00156121). I
have looked at the document and note the email that I sent to various recipients on
24.2.10. It seems my involvement came about because John Scott, Head of
Security at that time, gave my name as someone who could help Mandy Talbot
with obtaining Horizon Audit logs relating to the Alresford branch. It seems to me
that my email of 24.2.10 is a follow-up to a discussion I had with Mandy Talbot and
was sent with a view to contacting various people who might have been able to
assist. It seems I then offered to arrange a conference call, but that this would be
led by Mandy Talbot. I have no recollection of attending any such call myself.
68. The Request also asked me about the role played by Gareth Jenkins in criminal
prosecutions. I recall Gareth Jenkins provided witness statements to Investigators,
including exhibits containing Horizon data that Fujitsu had supplied in response to
ARQs. My understanding of the role of Gareth Jenkins was that he provided his
Page 20 of 48
WITN08340100
WITN08340100
knowledge and experience concerning Horizon. I recall that I viewed him as an
expert witness, since he was known to have expertise, but I did not know the rules
governing independent expert evidence.
ARQ process issues
69. The Supplementary Request drew my attention to a series of emails exchanged
in January and February 2009 (FUJ00155399, FUJ00155400, FUJ00155409 and
FUJ00155421) and a draft statement (FUJ00122604). The emails are concerned
with an issue with ARQ data and I am asked to give an account of my recollection
of this issue.
70. I have reviewed these documents but I am unable to recall anything at all about
this particular issue. I can see that Penny Thomas sent me an email on 7.1.09 (at
FUJ00155399) forwarding an email that she had been copied into describing an
issue arising from a software error which occurred in 2007. The handwritten note
on the email suggests that Penny Thomas spoke to me on the same day, but I
cannot now recall having the conversation. As I read these documents, it seems
that the issue that arose was whether the discovery of this particular error might
be a relevant factor in a number of ongoing prosecutions, and if this needed to be
addressed in the evidence that Fujitsu staff may be called on to provide. I refer to
a "standard witness statement" and amendments which may be needed as a
result (at FUJ00122604).
71. The handwritten notes on FUJO0155399 suggest that I agreed to refer the matter
to POL lawyers, which I appeared to do in emails I sent to Rob Wilson, POL's Head
of Criminal Law that same day (at FUJ00155400). I seemed to be of the
Page 21 of 48
72.
73.
WITN08340100
WITN08340100
view that the amendment proposed to paragraph 11 of the standard witness
statement (adding a further point to the list of controls applied when carrying out
data extraction) was acceptable, but I saw no need to refer to the 2007 software
error if no problem had been identified in a particular case (the amendment on
page 7). Rob Wilson gave his view which I fed back to Penny Thomas on 8.1.09,
advising her not to include the additional paragraphs on page 7.
The email at FUJ00155409 which Penny Thomas sent on 21.1.09 refers to me
calling her the day before. I have no recollection of this conversation or what she
means by the "exercise" I was enquiring about. It seems likely that it would have
been the data analysis that she describes in her email to me of 4.2.09 (at
FUJ00155421) and which must have been conducted following the discovery of
the software error referred to above. I have no recollection of what happened as
a result of this review being carried out.
I should stress that by this point, in January and February 2009, I had taken up
the post of Fraud Risk Manager (as shown by my email signature on the emails I
have just referred to). I described this role in paragraph 9. Liaising with Fujitsu in
relation to prosecution cases would have been something I did in my previous
role as Casework Manager, a position which (as I have said elsewhere) I recall
only holding for a few months between 2007 and 2008. It seems possible that
these queries were directed to me during a period of transition from my old to my
new role, but ultimately whoever took on the role of Casework Manager (or the
Casework Team more widely) would likely have taken on responsibility for this
issue. I don’t recall much about the role of Casework Manager which, as I say, I
only recall occupying for a few months.
Page 22 of 48
WITN08340100
WITN08340100
Relationship with others
74, The Request asked me to describe my involvement with Cartwright King
solicitors. I recall that, following the separation of POL from Royal Mail Group (in
around 2012), Cartwright King were contracted to provide criminal legal service
work for POL. Along with some other colleagues, I recall having an initial
introductory meeting with them, and acting as a liaison point for questions or
information and also any training provision requested or deemed necessary by
either party. From recollection, my main contacts were Martin Smith and Simon
Clarke.
75. Interaction regarding my cases was mainly around financial investigations at that
stage. I was also a participant in the Horizon Integrity Meetings, along with
Cartwright King and other teams within POL, which I refer to later on in my
statement. I also recall in the last year I was in the Security Team that Cartwright
King attended some case review meetings, following on from their sift of historical
cases, and I was also asked by them to assist with the collation of case information
for referral to the Criminal Case Review Commission (CCRC).
76. The Request also asked me to describe my involvement with the National
Federation of Subpostmasters ("NFSP"). I had no involvement with the NFSP,
other than on occasions when a representative acted as a Post Office friend at
some interviews. I do not recall any names of those who attended these
interviews.
Prosecution of Mr David Yates
77. The Request asked me to set out my recollection of the case of David Yates, and
my attention has been drawn to some documents including the witness statement I
gave in the proceedings against Mr Yates (POL00112919), the audit report
Page 23 of 48
WITN08340100
WITN08340100
(POL00066457) and my _ investigation reports (POLO0112918 and
POL00113159). I have set out an account of my involvement in this case to the
best of my recollection, informed by my review of these documents.
Initial Investigation
78. My recollection of the initial investigation is informed by my investigation reports
at POL00112918 and POL00113159. On 7.3.03 I received a telephone call from
my line manager, Paul Dawkins, who informed me it looked like there was going
to be a significant audit shortage at the main Post Office in Walton-on-Thames,
Surrey. I remember that I told Paul Dawkins that there were two (main) Post
Offices in Walton-on-Thames, Mr Yates' Post Office (which I knew as the "Half
Way" branch) and the other branch in Church Street. I recall that, when it was
established that Mr Dawkins was referring to Mr Yates' branch, I told Paul that I
knew Mr Yates. I recall there was a brief discussion about whether it should be me
who attended the branch, but in the end it was decided that I would.
79. My role was to be the Investigator in the case and I recall that I attended the Post
Office, accompanied by a colleague, Rob Fitzgerald, who was also an
Investigation Manager. Investigations necessitated at least two persons to be
present when attending Post Offices and conducting enquiries. At least three
persons were required to be present at searches, if searches were thought
necessary based on enquiries. Paul Dawkins, who was my line manager and
Investigation Team Manager, also attended the Post Office later in the day.
80. At this stage I don't recall being aware of any issues that Mr Yates was
experiencing, other than that there was an expected significant audit shortage.
On arrival at the Post Office I recall that I introduced myself and Rob Fitzgerald
Page 24 of 48
81.
82.
83.
84.
WITN08340100
WITN08340100
to Mr Yates (albeit Mr Yates and I already knew each other). I explained that I
needed to speak with the Audit Manager, Paul Bosson, before any further
conversations took place.
I spoke with Paul Bosson and my recollection is that he informed me that the reason
for the audit was because of concerns which materialised from the previous audit
of 15.11.02. At that audit, cash remittances (money recorded as being sent to the
cash centre) were indicated as £330,000, but this money had not arrived at the
cash centre. (As I recall, from my experience as an auditor, the process was that
following an audit, the Audit Team received microfiche documents detailing cash
remittances confirmed as received by the cash centre.)
Paul Bosson informed me that he had asked Mr Yates to provide his cash
declaration relating to the close of business the day before the audit (6.3.03) and
the balance snapshot, which details the cash declared to complete the cash
account balance from the day before (5.3.03).
It was noted that there was a large variance in the two cash declared figures. Paul
Bosson asked Mr Yates to explain why there was such a large difference and Mr
Yates indicated he had sent a cash remittance the previous day (6.3.03) but not
booked out the remittance onto the Horizon system.
Mr Bosson then asked for the cash remittance documents and the cash in transit
receipt book, showing that the cash remittance had been sent. Mr Yates indicated
he could not find these documents and then informed Mr Bosson that he had not
sent a cash remittance the previous day and that the audit would result in a
shortage of approximately £350,000.
Page 25 of 48
85.
86.
87.
88.
89.
WITN08340100
WITN08340100
I do not recall making any further enquiries, other than gathering the handwritten
audit report and previous cash accounts to refer to during an interview with Mr
Yates.
The Request asked me who made the decision to interview Mr Yates. I have
considered the document at POL00047494 (the record of the tape recorded
interview which took place on 7.3.03). The decision to interview Mr Yates was
mine, though I don’t recall conversations with colleagues around whether an
interview was required; given the circumstances outlined by Mr Bosson, I don’t
think I would have been in any doubt that an interview needed to be carried out.
Following my discussion with Paul Bosson, I gave Mr Yates the required caution
and invited him to attend a tape recorded interview. His legal rights were
explained, which included speaking with a solicitor and having a solicitor present
at the interview. His legal rights were further explained during the interview.
Evidence shown to Mr Yates during the interview included a selection of cash
accounts and the handwritten note from Paul Bosson, detailing his conversation
with Mr Yates.
I have reviewed document POLO0066266 (Mr Yates' Amended Schedule of
Information submitted in the Bates and Others v POL litigation), in which Mr Yates
states that the tone of the interview was aggressive, that I and Rob Fitzgerald
offered no support and seemed to have decided Mr Yates was guilty. I do not accept
these views, as they do not accord with my recollection of the interview. I also recall
that Mr Yates declined the offer to have a friend or solicitor present at the interview,
which seems to me inconsistent with what he says about not being offered any
support.
Page 26 of 48
WITN08340100
WITN08340100
90. The Request asked me who decided to search the Post Office and to describe
how the search was conducted. I do not recall who specifically decided to search
the Post Office. I do recall that I, together with Rob Fitzgerald and Paul Dawkins,
carried out the search. This reflects what I recall was the standard procedure: one
person would conduct the search, another would act as a "scribe" and the third
person would act as a "chaperone" to the suspect. Other than that "a quantity of
documents" were seized (as it is put in the report), I do not remember what these
documents were.
91. The Request also asked me who decided to search Mr Yates' home and to
describe how the search was conducted. Again, I cannot recall who made the
decision to search Mr Yates' home. My recollection is that the decision was taken
after the interview with Mrs Smale. Before the search was carried out, I recall that
I asked Mr Yates if any family members would be present, should he wish to make
arrangements to ensure they were not present. I do not remember anyone else
being at the home premises during the search. I also note in report POL00113159
that one of the documents seized was a passport.
92. Having reviewed the document at POL00066266, I do not recall specifically
whether I or others found evidence to show that Mr Yates had stolen money for
his own benefit.
93. I do not recall whether Mr Yates provided access to his bank records, but I note
that during the interview this was discussed and I have no reason to doubt that
he didn’t provide access to his bank records. Again, I do not recall specifically
whether I or others found evidence to show that Mr Yates had stolen money for
his own benefit.
Page 27 of 48
94.
95.
WITN08340100
WITN08340100
The Request also asked me who decided to interview Mrs Smale and how I came
to decide that there were insufficient grounds to prosecute her. I do not recall who
specifically made the decision to interview Mrs Smale, but believe it would have
been necessary due to information that came to light which contradicted what Mr
Yates had said during his interview. Mrs Smale completed the cash accounts at
the Post Office whilst Mr Yates was on vacation in the United States for two or three
weeks in 2002. Given that Mr Yates said he had completed all cash accounts for
the past five years, this posed the question why he said he had completed all the
cash accounts when he was in fact abroad for a period.
The Request asked me why I considered there were insufficient grounds to
pursue a prosecution against Mrs Smale. I expressed my view in my report at
POL000113159, which I have reviewed. I considered there were insufficient
grounds to pursue a prosecution against Mrs Smale because she said she only
completed two cash accounts, in 2002. She also said that she was informed by
Mr Yates that there was a significant quantity of cash that was being held on the
instruction of POL (from another Post Office branch) and that this did not need to
be checked, but just added to the cash declared figure when the cash accounts
were completed. This would have been my view based on the evidence I saw,
but I emphasise that the decision whether or not to prosecute was not one I was
authorised to take. I also note from document POLO0066266 that Mr Yates
predominantly dealt with the running of the Post Office and Mrs Smale
predominantly dealt with the running of the shop. Mrs Smale made no admissions
to any dishonest activity and there was no evidence to suggest she had been
involved in such activity.
Page 28 of 48
96.
97.
98.
99.
100.
WITN08340100
WITN08340100
My attention has been drawn to the document at POL00113159 and the Request
asked me to address a number of questions in respect of this report.
The purpose of the report at POL00113159 was to provide details of the
investigation to relevant stakeholders (the narrative section of the report is
headed "Legal Services", but my recollection is that it would have gone initially to
the Casework Team and then to the Criminal Law team, and also to the
Prosecution Authority). The report also includes areas of perceived weaknesses
in POL procedures and processes. The case file was submitted to the Casework
Team who forwarded the file to relevant prosecution decision makers and also
email reports to relevant stakeholders.
I have stated within the report that current processes seem to have been adhered
to. As far as I can recall, this was based on the understanding that auditors recorded
remittances with a view to verifying that they have been received and accepted by
the Cash Centre at a later date.
I also stated in the report that the auditors at previous audits appeared to have
been "duped". As far as I can recall, this was based on the understanding that Mr
Yates had recorded remittances as having been despatched, but which were not
actually despatched.
I also stated in the report that Martin Ferlinc had instigated enquiries into the
matter due to the large amount of the audit shortage in this case. My recollection
is that Martin Ferlinc, as Head of Audit, led on a review of the processes carried
out by the audit team, to prevent the recurrence of a similar audit shortage in
future.
Page 29 of 48
WITN08340100
WITN08340100
101. I also highlighted in the report that the Inventory Management Team was an area
of concern. I believe I said this because the Inventory Management Team was
responsible for allocating and monitoring daily and weekly cash targets at Post
Offices. Despite the daily cash declarations regarding Walton-on-Thames Post
Office being of a "reasonable" amount, these amounts spiked significantly on
balancing/cash account days over a long timeframe.
102. I recall that my overall view of the adequacy of POL's internal controls was that
they were weak, which is why I detailed my concerns within the report.
Additional documents relating to the David Yates case
103. The Request asked me to describe any further investigation I conducted. My
recollection is that I was told to liaise with Joe Ashton, Head of Civil Litigation. I
recall that the case was outsourced to a litigation firm, to consider and pursue the
recovery of the loss in this case. Aside from some telephone calls, I recall
providing the firm we had outsourced the case to with all requested information
and documents held concerning the case. I recall that it was my view that this
was a firm that specialised in identifying assets and acted on behalf of POL in
trying to recover losses. I am not aware of the details or outcome of their
investigations.
104. The Request asked if I carried out any analysis of Horizon data to show how the
cumulative shortfall built up. I do not remember carrying out any analysis of
Horizon data or indeed whether Horizon transaction and event logs were obtained
as part of this investigation.
105. The Supplementary Request draws my attention to a spreadsheet at
POL00118519. I have looked at this document, which appears to be a log of calls
Page 30 of 48
WITN08340100
WITN08340100
made from the Walton-on-Thames branch, possibly to the Network Business
Support Centre (given the nature of some of the enquiries). I don't recall having
requested this log or of having had sight of it before. It doesn’t appear to me to
be a log of Horizon data per se, but some of the entries mention Horizon and
others mention errors and error notices.
106. As I recall, the main reason for not carrying out analysis of Horizon data would have
been that Mr Yates provided an account, made admissions to taking money and
falsifying accounts, albeit that he could not recall specific amounts. The activity he
had admitted to — according to the transcript of the interview — took place over a
three to five year period, some of which would have predated the introduction of
Horizon. My recollection in this, and in other prosecution cases, was the case file
was submitted, and relevant stakeholders had sight of and input into the case.
Investigators continued to be involved in the case, but they worked to the
instructions of the Criminal Law Team. I do not recall any of the stakeholders
suggesting or instructing me to obtain and analyse Horizon data.
107. I do not recall receiving any legal advice, other than ‘business as usual’ legal
instructions and correspondence e.g. what the charges were, obtaining process,
attending court. However, I note that document POL00112919 is a witness
statement completed by me on 11.7.03, so assume I was advised to complete
this statement.
108. I had no involvement in the decision to charge Mr Yates. Charging decisions were
made by the Prosecution Authority in conjunction with advice from the Head of
Investigations and the Criminal Law Team.
Page 31 of 48
109.
WITN08340100
WITN08340100
Aside from the account I have provided above, I do not recall any further
involvement in this case before court proceedings commenced.
R-v- Mr Yates
110.
111.
112.
113.
The Request asked me to describe the circumstances in which I provided a
witness statement in the criminal proceedings against Mr Yates. I do not
remember the circumstances in which I provided a witness statement in the
criminal proceedings against Mr Yates. The witness statement was probably
completed as part of a committal bundle submission or I was instructed to provide
the witness statement as part of a skeleton committal bundle.
Whilst I do not recall which individuals I had contact with during the drafting of my
witness statement, I note from document POL00112919 that I have made
reference to schedules containing details of error notices obtained from
Chesterfield, which I exhibited to my statement as Exhibits DP/6 and DP/7. There
is also reference to two previous audit reports exhibited as items MD/1 and MD/2.
It seems likely that I would have had to liaise with colleagues to obtain this
information. I do not recall discussions with individuals who provided a witness
statement.
My understanding of my role in the case was to establish whether there was an
audit shortage, obtain details from the Audit Manager and offer Mr Yates the
opportunity to provide an account and/or his explanation for the loss. Thereafter
my role was to receive instructions from the Criminal Law Team and act on them.
I do not recall any further involvement I had in the case against Mr Yates.
Page 32 of 48
WITN08340100
WITN08340100
114. My attention has been drawn to the document at POL00113278, the judgment of
the Court of Appeal in Josephine Hamilton & Others v Post Office Limitedin 2021
(and in particular at paragraphs 328 to 332), and the Request asked me to give my
reflections on how the investigation and prosecution of Mr Yates was conducted. I
respect the judgment of the Court of Appeal and the court's remarks and
observations about the conduct of the investigation.
Prosecution of Josephine Hamilton
115. The Supplementary Request drew my attention to two documents at
POL00118877 (the "Antecedents form" relating to Josephine Hamilton) and
POL00118990 (the Suspect Offender Reporting form in that case) and asked me
for an account of my involvement in the case.
116. The Suspect Offender Reporting form refers to Graham Brander as the Investigator
and Geoff Hall as the Investigation Team Manager. I recall that at some stage there
was a restructure of the Investigation teams and I became Graham Brander's line
manager (the Antecedents form refers to me as Supervising Officer). I don’t have
any recollection of being involved in this case or having any issues about it brought
to me by Graham Brander. The Antecedents form would have been completed at
the very end of the case; it seems to me possible that I only became Graham's line
manager at a late stage of the case.
Prosecution of Ms Seema Misra
117. The Request asked me to provide an account of my involvement in the case of
Seema Misra. I had very limited involvement in this case. I acted as neither the first,
second or third officer, nor was I the Team Manager or Financial Investigator. The
Page 33 of 48
WITN08340100
WITN08340100
information I have seen suggests that John Longman was the Investigator. I was
his line manager for a period when I was the Investigation Team Manager, but at
the time of the events described in these documents, I was the Fraud Risk Manager
and was not John's line manager.
118. I was not responsible for disclosure in connection with any legal action against Ms
Misra. Having reviewed the documents that have been drawn to my attention,
it would seem that I was involved in requests for Horizon transaction data,
communications following a conference call about challenges to Horizon and
assisting a colleague in trying to trace individuals associated with the case.
119. I have reviewed the email at POL00107817 and what I said about being unable
to authorise Fujitsu to carry out John Longman’s request for transaction log data
covering the period 30.6.05 to 14.1.08. I have also reviewed the emails mentioned
in the Supplementary Request covering the period July and August 2009
(FUJ00152818, FUJ00154846, FUJ00154848 and FUJ00154851)
120. I referred to the “contract” that POL had with Fujitsu. My recollection is that POL
had a contractual arrangement with Fujitsu under which Fujitsu supplied
transaction and event log data to the Security Team to assist in investigations. I
referred to the limited allowance of ARQs available under this contract, the cost
and impact on other resources, and asked John Longman to seek views/input
from the criminal lawyer in the case. I believe this position reflected a
policy/procedure that was communicated to me during the brief spell I was
Casework Manager. I recall some occasions when requests made from outside
of the Security Team were dealt with. Requests made within the ARQ limit were
dealt with, but requests outside the limit needed to be approved. I didn’t have
Page 34 of 48
WITN08340100
WITN08340100
autonomy to stray from the process but acted on instructions from senior
management or lawyers when the need arose.
121. In one of the emails I sent to Penny Thomas, dated 5.8.09, I advised her that I
had not authorised an ARQ, and suggested that the cost of making the request
could be borne by the Defence. To that end I asked how much the request would
cost, and Penny Thomas provided an estimate by letter the same day (at
FUJ00154846).
122. I note that POL Legal Services wrote to Ms Misra's solicitors on 14.8.09 in relation
to the request for Horizon data (the letter is among the documents at
FUJ00154851) asking for further information about what they required and its
relevance. The letter advised of the costs associated with retrieving data and POL
would not underwrite the cost if Counsel's opinion was that the data was
irrelevant. POL's Legal Services evidently sent the letter (along with some legal
advice which is not among the documents I have reviewed) to John Longman
who sent it on to me. I described the letter sent to Ms Misra's solicitors as a "good
letter" but am unable to recall why I took that view.
123. I note that at the time I exchanged emails with John Longman about this case (in
August 2009) I was a Fraud Risk Manager, so don’t know why this request came
to me because I don't recall having had responsibility at that time for obtaining or
authorising data (I remained, as I have said elsewhere, responsible for maintaining
the relationship with Fujitsu). I am also puzzled by the fact that before the request
was made by John Longman, it would appear that I had already made an ARQ
with the same parameters on 9.6.09 (the document at POL00051793). I cannot
Page 35 of 48
WITN08340100
WITN08340100
now recall the reasons for or the circumstances surrounding for making that
request.
124. (At this stage, I note that the Supplementary Request drew my attention to the
document at FUJ00154859 (the minutes of a meeting on 3.11.09). The meeting
recorded in this document appears to be a meeting of "RMGA Litigation
Support/POL Fraud team". The minutes refer to me as "POL Fraud Risk
Manager", and on page 2 refers to the fact that "the migration of the POL
Casework support function is now complete as Dave [which I take to be a
reference to me] formally handed his responsibility over to the Salford Team".
This prompts me to recall that for a transitional period I continued to have some
role in the functions of the Casework team after I became Fraud Risk Manager,
but that this must have finally come to an end by November 2009.)
125. I have also reviewed the email at POLO0107817 which records my view about
many cases in which the defendant pleaded guilty "at the eleventh hour" and where
no evidence is found to challenge Fujitsu data. My view that many cases plead
guilty at the eleventh hour and/or nothing is found by expert to challenge Fujitsu
data, was, I believe, based on my experience of events at the time. I recall that late
guilty pleas often occurred, whether Horizon-related cases or not, and I do not
recall a case whereby the Fujitsu data was challenged insofar as it resulted in a
prosecution being ceased or a prosecution being unsuccessful.
126. Whilst I do not remember using the term “the usual attempts of muddying the
waters”, I think this derives from unsuccessful challenges to Fujitsu data and
perhaps a view that as word had got around about Horizon, some individuals
raised Horizon concerns as a defence.
Page 36 of 48
WITN08340100
WITN08340100
127. My attention is drawn to a series of email exchanges among POL staff during
February and March 2010 at POL00106867, which discussed a review of the
“integrity” of the Horizon system. I do not recall any specific contribution I made
to this review. I note that Andy Hayward’s email of 26.2.10 summarises the
actions arising from a conference call which had taken place that day. It seems
that the reference to “DP” in this email is a reference to me, and I note that I was
asked to forward details of two other cases in which the Horizon had been
challenged; another action was that I would continue with my investigation into
the “Alresford” case and “feed into MT [Mandy Talbot] & wider review”. Andy
Hayward also asked that any “immediate responses” from the other recipients be
sent to me since he was going away. I don’t recall details of any actions I took in
response to this or any responses I received.
128. I note that I was not included in the initial emails exchanged in late February and
was only cc’d in the remaining emails. This accords with my recollection that I
didn’t play a leading part in the review of the “integrity” of the Horizon system
referred to here or in the conference call on 26.2.10. I note that on the 1.3.10 I
sent an email to the email group asking that they ensure that Rob Wilson, Head
of Criminal Law, Royal Mail Group was copied into the emails. My recollection is
that I was concerned that he needed to be ‘kept in the loop’, in his role as head
of Criminal Law and would need to be aware of any issues that might impact on
prosecutions (the emails suggest he had not been copied into emails and had not
attended the conference call on 26.2.10).
129. In the email exchange I said that “our prosecution cases have faced an increase
in challenges”. Looking back over these exchanges now, I think it was generally
known at the time this email exchange took place that alleged errors with the
Page 37 of 48
WITN08340100
WITN08340100
Horizon system were being cited to explain accounting discrepancies. It seems to
me that this is what the early emails in this exchange (which I was not a party to)
are directed at, to obtain a sense of in how many cases Horizon issues had been
raised. Rob Wilson, in his email of 3.3.10 refers also to the "persistent challenges
that have been made in court" and again on 9.3.10 he refers to "additional
difficulties in relation to challenges to Horizon". I also refer to prosecution and civil
cases facing "an increase in challenges", which I assume refers to challenges
which cited issues with Horizon.
130. I recall having some awareness about Horizon challenges, but the corporate
position was that Horizon was working correctly, and that evidence provided by
Fujitsu colleagues consistently backed this position up.
131. The Request asked if I thought an internal investigation was necessary. I can't
recall if I had a view on whether an internal investigation was necessary.
132. Rob Wilson's email is addressed to me and refers to a "memo". I cannot recall,
nor is it apparent to me from reviewing this email exchange, what the "memo" is
he is referring to. I don’t recall writing a memo. As I read this exchange (and this
accords with my recollection) I had no role in instigating the review that is
described here and wasn't involved in the organisation of the conference call, so
I can’t say why Mr Wilson wasn’t invited. As I say above, I must have been
concerned that he needed to be ‘kept in the loop’ on this issue.
133. At the time that these email exchanges were taking place, I was not directly
involved in any criminal cases; again, by this time I was in the role of Fraud Risk
Manager and I would not have been involved in the day-to-day running of
investigations or prosecutions. I’m not able to say what consideration was being
Page 38 of 48
WITN08340100
WITN08340100
given to Ms Misra's case in light of the discussions which were taking place at the
time.
134. My attention is drawn to the series of reports prepared by Charles McLachlan, the
expert called by Ms Misra, and statements by Gareth Jenkins commenting on the
reports. I don't recall having any direct involvement with the matters raised in
these reports or of Fujitsu's response to them.
135. At POL00062550 there is a witness statement made by John Longman in which
he gives an account of his investigation into a crime report made by former
employee of Ms Misra. This, together with an email he sent me on 1.5.09 prompts
me to recall that I attended a couple of addresses in Woking/West Byfleet to assist
John Longman who was trying to trace some individuals connected with this. John
Longman's statement quotes from a notebook entry I made after attending these
properties. At the time, this was not a task that would have fallen within my
responsibilities, but it seems likely that I carried out these visits to assist John; I
had known him for some time and also because I lived near to the Woking/West
Byfleet area.
136. Other than assisting John Longman with these property visits, and my apparent
involvement in the ARQ which I describe above (in paragraphs 120 onwards) I am
afraid that I do not have any recollection of being involved in Ms Misra's case, so I
don't feel that I am able to comment on the role that individuals from Fujitsu played
or the position taken on the role that Horizon errors might have played.
137. The Request asked me to describe my involvement in the financial investigation
and enforcement proceedings in respect of Ms Misra. I don’t recall having any
involvement in the financial investigation or the enforcement proceedings against
Page 39 of 48
WITN08340100
WITN08340100
Ms Misra. My understanding from the documents I have reviewed is that Paul
Southin was the Financial Investigator in that case. The document at
POL00093975 is an email from me dated 25.1.08. I recall that one of my roles as
Casework Manager was to notify stakeholders of the outcome of recoveries in a
case. It seems that by sending this email, I was circulating the "Funding
Notification" document to the recipients.
138. My attention is drawn to the document at POL00057691 containing an email
which Alison Bolsover, Branch Conformance and Liaison Manager sent to me on
4.5.12 regarding Ms Misra's case, which she refers to as being one of the cases
on a “Horizon issues Spreadsheet". I am unable to recall exactly, but on reading
this email correspondence I assume that Alison Bolsover (whose role I think
included some debt recovery work) had a spreadsheet which listed cases where
Horizon issues had been cited by defendants in prosecution proceedings. I don't
recall that I had a role in maintaining such a spreadsheet, but it seems plausible
that there might have been a spreadsheet containing such information, since by
that time there would have been some awareness that the reliability of Horizon
was being cited as a factor in criminal cases, and I recall that Cartwright King
were conducting checks on a number of cases by this time. I do recall that
financial investigation work pretty much froze around the time Cartwright King
were undertaking their assessments.
139. I have considered the document at POL00113278, the judgment of the Court of
Appeal in Josephine Hamilton & Others v Post Office Limited and particular those
sections referring to Ms Misra's case. As I said above, this is not a case in which I
played a leading role, but I acknowledge the position I took in relation to the ARQ
data request (at paragraph 122 above). In hindsight, and in light of what is now
Page 40 of 48
WITN08340100
WITN08340100
known about the faults in the Horizon system, I am inclined to agree that knowledge
of the faults in the Horizon system might have had an impact on the conduct of the
prosecution case. For my part, I considered that I was following practices and
procedures that had been introduced to manage ARQ requests, but I was content
for requests to be made and agreed if my managers or POL's lawyers instructed
me that it was necessary to obtain ARQ data as evidence in prosecution cases.
Prosecution / criminal enforcement proceedings against Khayyam Ishaq
140. The Supplementary Request drew my attention to a series of documents relating
to the case of Khayyam Ishaq. I do not recall having had any involvement in this
criminal case. The documents which I have reviewed appear to relate to POCA
proceedings to recover money from Mr Ishaq. It seems to me that this case was
assigned to Helen Dickinson. From what I recall, she was training to become an
Accredited Financial Investigator at that time and hadn't yet attained her
accreditation. She was therefore unable to apply for court orders. I applied for the
Confiscation Order on her behalf as I was accredited. As I recall, she would have
prepared documents and I would check them and make the application. Aside
from this, I don't recall having had any involvement in the enforcement
proceedings.
General matters
141. The Request asked me to what extent I considered a challenge to the integrity of
the Horizon system in one particular case to be relevant to other cases. I did not
consider a challenge to the integrity of Horizon in one case to be relevant to other
ongoing or future cases. Although I recognise that POL's corporate position was
that there were no systematic issues with the Horizon system, I took it that
Page 41 of 48
WITN08340100
WITN08340100
individual prosecutions were to be taken on their own merits, and that evidence
from Fujitsu would be required in each case where these issues were raised.
142. The Request also asked me to what extent I considered the investigation into
bugs, errors and defects in Horizon was sufficiently carried out by POL, and
whether sufficient information was provided by Fujitsu. With the benefit of
hindsight, I do not consider the investigation into bugs, errors and defects in
Horizon was sufficiently carried out by POL. This is based on my recollection that
POL maintained a position that the system was sound and robust and working
properly at all times, which has transpired not to be the case.
143. Again, with the benefit of hindsight, it seems to me that Fujitsu, as the owner and
operator of Horizon, ought to have identified bugs, errors and defects in Horizon,
which may have caused losses, and passed such information to POL. This may
have occurred at some stage by default or by accident, but the impact to
numerous individuals has been significant and issues should have been reported
speedily and as a matter of course.
144. I do not consider that I had sufficient information regarding bugs, errors and
defects in Horizon which may have caused losses; indeed I do not recollect being
informed by POL or Fujitsu of such issues. I feel as though these are the two
sources that should have informed myself and teams within POL. I cannot
attribute these failures to specific individuals; for example, I have no awareness
of who in Fujitsu might have been responsible for ‘signing off Horizon as being fit
for purpose if that assessment wasn't merited, or who within POL accepted that
position, or who knew that there might be issues with Horizon or how they found
out about this. My understanding of the situation is informed by the general stories
Page 42 of 48
WITN08340100
WITN08340100
and claims I heard since my time working at POL, for example that senior
individuals were told about possible bugs and errors some time previously, but
that appropriate action wasn't taken.
Review of challenges to Horizon Integrity / Post Office investigations
145. The Supplementary Request asked me about my involvement in the
investigations carried out by POL into the integrity of Horizon and/or the impact
on prosecutions. I have no recollection of being involved in the Second Sight
investigation or the Bates and Others group litigation. Nor do I recall having been
involved in the investigations carried out by Brian Altman KC or Jonathan Swift
KC.
146. I do recall being aware of some of the outcomes of the review of cases carried
out by Cartwright King, and that some cases were recommended to be closed
with no further action. My recollection is that where such a recommendation was
made, Security Managers were responsible for closing the criminal cases and
Financial Investigators were responsible for closing financial investigation cases.
That aside, I don’t recall having any involvement personally.
147. Paragraph 15(iv) of the Supplementary Request referred me to a series of
documents containing minutes of a number of meetings held over the course of
2013 to 2015. In my last couple of years working within the Security Team, I
participated in these meetings (I referred to them as "Horizon Integrity meetings").
These were weekly conference call meetings attended by different people
representing different teams within POL. Any issues or claims or information
which had come to the attention of teams across the business, relating primarily
to Horizon, were raised at these meetings. These issues were collated and any
Page 43 of 48
WITN08340100
WITN08340100
actions identified. I recall notifying Security Managers that if Horizon was
mentioned during the course of investigation, then details should be flagged to
me to be raised at these Horizon Integrity meetings.
148. The Supplementary Request drew my attention to the document at
POL00118547, entitled “Business, Innovation and Skills Committee: Inquiry into
Post Office Mediation” and asks me what my role was and any input I had into
this document. I don’t recall playing any role in relation to this or contributing to
the document.
150. I have no further reflections on these matters or other matters relevant to the
Inquiry’s Terms of Reference, and there are no other matters I wish to bring to
the attention of the Chair of the Inquiry.
Statement of Truth
I believe the content of this statement to be true.
Dave Posnett (Oct 4, 2023, 9:16am)
04 Oct 2023
Dated:
Page 44 of 48
Index to First Witness Statement of David Posnett
WITN08340100
WITN08340100
No. URN Document description Control Number
4 POL00105190 I Separation Project - Criminal Investigations I POL-0080815
Policy for POL
2 POL00118096 I Email from Andrew Wise to Michael VIS00012685
Stanway forwarding an email re Casework
Compliance
3 POL00104747 I Investigation Policy: Casework Management I POL-0080387
(England & Wales) v1.0
4 POL00104777 I Investigation Policy: Casework Management I POL-0080417
(England & Wales) v4.0
5 POL00118101 I Appendix 3 - Offender reports and Discipline I VISO0012690
reports: "Compliance Guide to the
Preparation and Layout of Investigation Red
Label Case Files" - undated (date taken
from parent email)
6 POL00118104 I Appendix 6 - Identification codes (undated - I VISO00012693
date taken from parent email)
7 POL00118128 I Race Identification Codes, numbers 1-7. V1IS00012717
8 POL00118131 I Identification Codes, numbers 1-7 VIS00012720
9 POL00104806 I Royal Mail Group Security —- Procedures and I POL-0080438
Standards: Standards of behaviour and
complaints procedure No.10-X v2
10 POL00031005 I Conduct of Criminal Investigation Policy for I POL-0027487
the Post Office. (Version 0.2)
11 POL00120165 I Post Office - Security Project Initiation POL-0125850
Document (PID) - Product X Fraud Reductio.
v1
12 POL00120166 I Report of Project HNGX to support the POL-0125851
migration of all branches to Horizon Online
(HOL) from Dave Posnett
13 POL00084813 I Condensed Guide For Audit Attendance POL-0081871
14 POL00031005 I Conduct of Criminal Investigation Policy for I POL-0027487
the Post Office. (Version 0.2)
15 FUJ00002033 I Fujitsu Services Security Management POINQ0008204F
Service: Service Description. Version 1.0
16 FUJ00080107 I Fujitsu's Guidance on Security management I POINQ0086278F
service: Service Description (v.2)
17 FUJ00002264 I Fujitsu and Post Office Document re: POINQ0008435F
Security Management Service: Service
Description v3
18 FUJ00088868 I Fujitsu/Post Office Security Management POINQ0095039F
Service: Service Description (v3.5)
19 FUJ00002555_‘I Fujitsu Security Management Service: POINQ0008726F
Service Description, HNG-X and HNG-X
Application Roll Out Transitional Period,
Version 4.0.
Page 45 of 48
20
POL00002572
Fujitsu Security Management Service:
Service Description v 5.0
WITN08340100
WITN08340100
VIS00003586
21
POL00002666
Fujitsu/Post Office Fujitsu Services Security
management service: service description
VIS00003680
22
FUJ00152212
Management of the Litigation Support
Service - Fujitsu v1.0
POINQ0158406F
23
POL00052222
Email from John Longman to Phil Taylor Re:
WS for West Byfleet HSH calls.
POL-0048701
24
FUJ00156122
Email from Tom Lillywhite to Suzie Kirkham
and Gareth Jenkins re Alresford Large debt
outstanding , legal request for info
POINQ0162316F
25
FUJ00155399
Email to Dave Posnett from Penny Thomas
re Security Incident which occurred and has
been resolved with software correction
POINQ0161593F
26
FUJ00155400
Email from Thomas Penny to Pritchard
Howard, Warham Wendy and Denham
Steve Re: Security Incident
POINQ0161594F
27
FUJ00155409
Email to Penny Thomas to Steve Denham,
Howard Pritchard, Peter Sewell and another
Re: Outlet Checking List - Audit Issue
POINQ0161603F
28
FUJ00155421
Email from Thomas Penny to Denham
Steve, Sewell Peter Re: FW: Security
Incident
POINQ0161615F
29
FUJ00122604
Standard form Fujitsu draft Witness
Statement re: extraction of audit archived
data with mark-up and comments from
Penny Thomas Version 7.0 (0308) (CS11A)
(Slide A)
POINQ0128818F
30
POL00112919
Witness Statement of Dave Posnett
POL-0110319
31
POL00066457
David Yates case study: Memo from Paul
Bosson to Dave Posnett re: Audit of Walton
On Thames 090 023
POL-0062936
32
POL00112918
Offence of two offenders - Theft/False
Accounting
POL-0110318
33
POL00113159
Post Office Limited Case Files from Dave
Posnett of David Peter Yates and Lindsey
Susan Smale - Walton on Thames - 090 023
POL-0110543
34
POL00047494
David Yates - Record of Tape Recorded
Interview 7 March 2003
POL-0043973
35
POL00066266
The Post Office Group Litigation, Alan Bates
& Others and Post Office Ltd.: David Yates
schedule of information
POL-0062745
36
POL00118519
Spreadsheet - Report of Incident IDs, SPM
names, Description, Incident Log,
Resolution, etc. from the Walton on Thames
PO between 13/07/2000 to 31/03/2003
POL-0118449
Page 46 of 48
37
POL00113278
Approved Judgment between Josephine
Hamilton & Others and Post Office Limited
WITN08340100
WITN08340100
POL-0110657
38
POL00118877
Antecedents of Josephine Hamilton - Officer
in Case Graham Brander, Supervising
Officer Dave Posnett
POL-0118796
39
POL00118990
Josephine Hamilton criminal case study -
Suspect offender reporting form to be
emailed to Casework team, case file no.
POLTD 0506/068, Josephine Hamilton
POL-0118909
40
POL00107817
Email from John Longman to Phil Taylor re:
Fw: Trial of Seema Misra - West Byfleet
SPSO - Branch Code 126023 Guilford
Crown Court 30th November 2009( Four day
trial)
POL-0106062
4
FUJ00152818
Email from Tony Jeffery to Andy Dunks and
Penny Thomas re trial of Seema Misra -
West Byfleet SPSO, Guildford Crown Court.
POINQ0159013F
42
FUJ00154846
Seema Misra case study: Email from Penny
Thomas to Guy Wilkerson re: Estimate for a
Request for Information
POINQ0161041F
43
FUJ00154848
Email from Thomas Penny to Dave Posnett
and John Longman re witness statement for
West Byfleet HSH calls (Seema Misra
criminal case study)
POINQ0161043F
44
FUJ00154851
Seema Misra case study - Email chain with
Dave Posnett, John Longman and Thomas
Penny - Re: R v Seema Misra
POINQ0161046F
45
POL00051793
Audit Record Query (ARQ) for West Byfleet
PO
POL-0048272
46
FUJ00154859
Lee Castleton case study: RMGA/POL
Litigation Fraud Team Meeting Summary
POINQ0161054F
47
POL00106867
Email from Rob G Wilson to Dave Posnette,
Doug Evnas, CC Andy Hayward, Dave King,
Mandy Talbot re Challenges to Horizon
POL-0105175
48
POL00062550
Seema Misra Case Study - Witness
statement of Jon Longman dated 29/05/09.
POL-0059029
49
POL00093975
Email from Dave Posnett to Clive Burton,
CC Paul Dann, Marle Crockett and others re
Investigation Team Recovery - West Byfleet,
SPSO 126023.
POL-0094097
50
POL00057691
Email from Dave Posnett to Graham C
Ward, RE: FW: West Byfleet
POL-0054170
51
POL00118547
Business, Innovation and Skills Committee:
Inquiry into Post Office Mediation
Supplementary evidence of Post Office
Limited
POL-0118466
Page 47 of 48
WITN08340100
WITN08340100
Page 48 of 48