WITN08390100
WITN08390100
Witness Name: John Scott
Statement No: WITN08390100
Dated: 12.05.2023
POST OFFICE HORIZON IT INQUIRY
FIRST WITNESS STATEMENT OF JOHN SCOTT
I, John Scott, will say as follows:
INTRODUCTION
1. I was employed by the Post Office Ltd (“POL”) and other Royal Mail Group
(“RMG”) organisations from February 1993 to September 2016.
2. This witness statement is made to assist the Post Office Horizon IT Inquiry
(the “Inquiry”) with the matters set out in the Rule 9 Request dated 12 April
2023 (the “Request’).
3. I have addressed the questions put to me by the Inquiry honestly and to the
best of my ability, based on my memory of events. However, I wish to highlight
that many of the events which I have been asked to comment on took place
some ten or more years ago and, due to this passage of time, it has been
difficult for me to recall certain events and information. Similarly, some of the
matters that I have been asked to comment on are outside my personal
Page 1 of 58
WITN08390100
WITN08390100
knowledge. Where I am unable to recall something or consider it is outside
my knowledge I have indicated this.
4. Please note that I use the term “Network” throughout this statement to
describe the various individuals and systems at POL which are responsible
for the overall management and operation of Sub Post Offices, Branch Offices
and Franchises (i.e. Branches within retail outlets such as The Co-Op and
McColl’s).
BACKGROUND
5. I have a MSc in Security & Risk Management focusing on preventive security
and criminology. I also have other supporting industry qualifications such as
a Diploma in Anti-Money Laundering.
6. From February 1993 until September 2016 I was employed by Post Office
Corporate Centre, Royal Mail Letters and ultimately POL, which separated
from RMG in 2012.
7. I assumed the role of POL Head of Security in 2007, and I held this position
until I left the organisation in 2016. Prior to 2007, I had held various roles
within RMG Security Teams, which I have outlined below:
1) Assistant Investigation Officer (1993-1995);
2) Temporary Investigation Officer (1995);
Page 2 of 58
WITN08390100
WITN08390100
3) Royal Mail Security Team Manager (1996-1998);
4) Reorganisation Project Manager (for Post Office Security and
Investigations Services and Royal Mail Security) (1998-1999);
5) Head of Security for Royal Mail International (1999-2004); and
6) POL Senior Security Manager for Physical Security (2004- 2007).
8. Cost reductions were a constant and increasing priority throughout the period
of my employment and the business was restructured many times throughout
my career in an effort to drive down cost. One such restructure in 2006 led to
the formation of a centralised Security department within POL; prior to this,
the security functions had operated under various other departments. Upon
assuming my role as Head of Security in 2007, I organised this centralised
team into core “strands”, each with responsibility and conduct over a particular
security discipline. Some strands evolved or were amalgamated over time,
but broadly, the strands were as follows:
1) Risk (Analysis and Intelligence) strand.
2) Commercial Security strand.
3) Asset Security strand.
4) Physical Security Operations strand.
5) Fraud strand.
9. The Risk strand dealt with security events such as burglary, robbery, kidnap,
and internal and external fraud providing data, intelligence and statistical
analysis.
Page 3 of 58
WITN08390100
WITN08390100
10. The Commercial Security strand dealt with policy standards and procedures
for POL products and services such as mail, telephony, government, mails
and financial services, with a view to preventing fraud and money laundering.
11. The Asset Security strand was responsible for defining the policies, standards
and procedures for buildings, vehicles, equipment and people in respect of
physical attacks (such as burglary, robbery and kidnapping).
12.The Physical Security Operations strand was an operational team, which
engaged with Post Offices and Cash Centres across the UK. Amongst other
things, this team provided advice on, and responded to, incidents of burglary,
robbery and kidnapping at POL sites.
13.The Fraud strand was a nationwide operational team responsible for
conducting investigations into alleged criminal offences such as theft, fraud
and false accounting in respect of Post Offices, Cash Centres, Cash in Transit
vehicles and corporate matters (such as travelling expenses). The Financial
Investigations team, which dealt with the recovery of assets, sat within this
team, as did the Fraud Prevention team, which was responsible for conducting
analysis, supported by the Risk Strand, to develop loss and fraud preventative
measures occurring in various areas (for example, postage label fraud). The
former was in existence prior to my taking over the team, while the latter was
set up after my arrival in 2007.
Page 4 of 58
WITN08390100
WITN08390100
14.Around 2011, I merged the Fraud and Physical Security Operations strands
to create the “Security Operations” strand. This decision was made as part of
the effort to drive financial efficiency in line with POL’s aforementioned cost-
saving agenda, and to create a strand which would be multi-skilled thereby
increasing flexibility and resource capability.
15. From 2009 to 2012, the Information Security Team - which previously had
been operating under the IT department - was transferred to the Security
Team becoming an additional core strand. This team was responsible for
information security policies, standards and procedures in relation to systems
and data access, and for providing related advisory services to POL.
16. Each strand was led by a Senior Security Manager, who was colloquially
referred to within POL and their teams as the “head of’ their relevant team. I
note that the Inquiry has asked me to provide an overview of my role as “Head
of Commercial Fraud”, and I believe this is likely to be a reference to the
Senior Security Manager in the Commercial Security strand. This is not a role
that I have ever held.
17.As Head of Security, I was the principal manager of all the strands. However,
in general, I had little to no involvement in their day-to-day operations; I dealt
with things at a corporate and organisational level. I have not sought to lay out
every element of the job in this statement, but I have below provided a broad
overview of what my responsibilities and key priorities were. This information
provides context to later paragraphs, where I have responded to specific
Page 5 of 58
WITN08390100
WITN08390100
questions the Inquiry has asked in respect of my role and my involvement in
investigations and prosecutions.
18.The Fraud team had been in place since 1999. I was informed by my
predecessor, Tony Marsh, that the Fraud Team was well established, that the
investigative framework was effective and running well, and that the
investigators were proficient in their role and able to effectively organise and
run investigations. That was also my experience. The team also worked
directly with the Legal function which provided advice and direction on many
aspects of their work. I had one-to-one meetings with the “heads of” all the
strands monthly and no issues were ever flagged to me in respect of the Fraud
team and the operation of criminal investigations. I was not involved in
carrying out or overseeing criminal investigations on a day-to-day basis and
an investigation was only ever flagged to me on rare occasions where it was
of a particularly serious or sensitive nature. Even when a matter was
escalated to me, I would not have had operational input into the investigation
itself; my role was primarily one of management and only occasionally one of
oversight in respect of specific investigations. To a large extent the Fraud
team ran itself with only a need for minimal input from me as overall manager.
19.My remit in respect of investigations did slightly change towards the end of
2013 when I was asked by my line manager at the time, POL General
Counsel, Susan Crichton, to review and sign off on any new investigation files
in respect of their progression to prosecution. I recall that she made this
request verbally and I do not recall what reason she gave. I agreed and took
Page 6 of 58
WITN08390100
WITN08390100
on the role of reviewing and signing off on any new prosecutions sometime
between mid to late 2013. In practice this required me to review those cases
that the Legal Team had determined met the standard for prosecution. I do
not recall the numbers or details of any of these cases but think it likely that I
would have approved the recommendation of the Legal Team in most or all of
these cases. This is subject to the important qualification that at this time, and
until I left POL in 2016, no prosecutions of new cases were proceeding
because it had been deemed necessary to identify a new subject matter
expert to give assurance on the Horizon system for court proceedings.
20.In my role as Head of Security there were a range of serious issues that
required my attention. One area which was a particular priority for me was
physical threats against Sub Postmasters (“SPMs”), and POL employees.
21.As noted, I held the role of Head of Physical Security Operations from 2004
and at this time POL experienced around 1000 plus incidents a year including
burglaries, robberies and kidnappings. I managed to successfully put in place
measures to reduce this number, but many attacks continued to take place.
As POL Head of Security, the most serious of these incidents would be
reported up to me. I would immediately become the operational lead upon
notification and was required to assemble my team to respond to events in
real time.
22.1 recall one such event following a robbery at a Post Office which had tragically
resulted in the murder of the son of the SPM. This event led to an intense
Page 7 of 58
WITN08390100
WITN08390100
flurry of action over a period of several weeks, where I was co-ordinating my
team to support the police investigation, supporting those who were directly
responsible for providing support to the deceased's family, and managing the
flow of information to the relevant parts of the business, including to its parent
RMG senior executives. The latter responsibility entailed writing reports on a
daily basis, which I continued to do for a period of two to three months after
the event. I recall that I also dealt with numerous kidnappings during my
tenure, which often occurred at night and continued through to the next day.
False alerts were also not unusual. All these events took up a significant
amount of my time, attention, and resource when they occurred.
23.Physical threats by their nature would materialise suddenly and require an
immediate response, as indicated above. More consistent however was the
project management work I undertook as part of my role. There were
numerous large projects being undertaken across the strands which I often
set up and led on, and which often ran for several years. For example, I was
heavily involved in the payment card industry data security standards
(“PCIDSS”) project, which was set up under the Information Security strand. I
was also involved in a project which centred on the money laundering
regulations.
24.On assuming the role as Head of Security, I brought with me a personal
interest in information gathering and data/intelligence analysis to identify and
drive down losses. I had developed this in my previous role. I therefore was
keen to drive the compilation and analysis of POL information data
Page 8 of 58
WITN08390100
WITN08390100
(‘Management Information” or “MI”) across the security business in respect of
both crime and non-crime related losses. My ethos was one of loss prevention
rather than merely reacting to loss. Therefore, in addition to the projects
mentioned above, I set up and oversaw various loss reduction projects. This
includes the Loss Reduction Programme which I discuss at paragraphs 56 to
58. During the course of these projects, data would be gathered from various
systems and products to help to identify where losses were occurring. Manual
analysis would then be conducted in respect of the biggest and most repetitive
losses identified across POL sites, whether Crowns, Sub Post Offices or
Franchise Offices, so that solutions and controls could be developed and put
in place. Over the course of 2 to 3 years, analysis was conducted on around
15 to 20 products and services to identify how the losses were being created.
This analysis was conducted by the Risk Strand and supported by the Fraud
Prevention Team.
25.This manual approach to data collection required a good deal of resources
and management given the size of POL’s Network, which is why I suggested
that POL acquire a digital solution. I subsequently commissioned (supported
by Susan Crichton, POL General Counsel) Detica, a subsidiary of BAE
Systems Plc, to conduct an initial review of POL’s systems with a loss and
fraud digitalisation goal in mind. Following its review, Detica advised that data
mapping of all POL’s systems would be required to obtain a proper
understanding of data management. POL subsequently put out a tender for
companies to carry out this process, which Detica won. Detica carried out the
data mapping and published its final report in 2013, making various
Page 9 of 58
WITN08390100
WITN08390100
recommendations in respect of POL processes and systems. I have not
reviewed that report in preparing this statement and do not recall these
recommendations in detail. I do recall that I worked with Detica to draw up a
business case for implementing these recommendations. Detica estimated
that the cost of the proposal would be between £3m and £5m. I discussed the
case with the Chief Financial Officer who deferred the decision to the
Programme Director for the Branch Support Programme at the time - Angela
van den Bogerd. Angela van den Bogerd ultimately elected to go with a less
expensive alternative solution provided by Fujitsu. I had no part in this
decision.
26. To summarise, my role as Head of Security was a multifaceted one which,
amongst other things, required me to manage sensitive and demanding
situations, travel frequently, and oversee various large and complex projects.
ROLE OF THE SECURITY TEAM AND THE POLICIES / PRACTICES IN PLACE
RELATING TO CRIMINAL INVESTIGATION AND PROSECUTION
27.1 have been asked by the Inquiry to comment on the role of the Security Team
and the policies and practices in place in respect of criminal investigations and
prosecutions at POL. Broadly, I have been asked to comment on:
1) the rationale for, and history of, bringing private prosecutions at RUG
and POL;
2) policies and processes governing the conduct of criminal
Page 10 of 58
WITN08390100
WITN08390100
investigations;
3) policies and processes governing audits and suspensions; and
4) policies and processes on prosecutions and criminal enforcement
proceedings.
I have addressed the specific questions raised by the Inquiry in each of these
areas below.
1. The rationale for, and history of, bringing private prosecutions at RMG
and POL
28.1 am reminded by document LCAS0000124 that RMG had a long history of
carrying out its own investigations and bringing private prosecutions. I do not
have any particular recollection of the rationale for this and had no particular
view about it. It was the position when I took up my role and continued to be
throughout my tenure.
29.As noted previously, POL separated from RMG in April 2012. I recall that at
some point before this separation I asked my line manager, Susan Crichton,
whether POL would continue to bring private prosecutions as an independent
entity, or whether I should plan to close down that side of my team. I raised
this query so that I could organise and resource my team accordingly ahead
of the separation. I understood, I think from Susan, that she took the query to
the board of directors who determined that prosecutions would continue at
POL post-April 2012.
Page 11 of 58
WITN08390100
WITN08390100
30.POL still had a policy of bringing private prosecutions when I left the
organisation in 2016, subject to a new Horizon subject matter expert being
identified. As far as I can recall, no new prosecutions were commenced from
July 2013 as a new subject matter expert was not in place.
2. Policies and processes governing the conduct of criminal investigations
General policies
31.1 have been asked to consider the following policies, and to explain my role in
their development: POL00030578, POL00104812, POL00104806,
POL00031004, POL00031003, POL00030580, POL00030579,
POL00026573, POL00104857, POL00031008, POL00104853,
POL00104855, POL00030786, POL00104929, POL00105226,
POL00030602, POL00031005, POL00027863 and POL00030902.
32. I do not recall these policies and I had no role in their development, though I
probably would have seen some of them while I was at POL.
33.1 note that some of the policies listed are RMG documents. Until 2012, all
RMG policies directly applied to POL as a subsidiary. These would therefore
have been written and developed by RMG.
34. I also note that some of the policies list me as the owner or as someone who
Page 12 of 58
WITN08390100
WITN08390100
has assured them, for example, POL00030578 and POL00030580. To
reiterate, I do not recall these documents and I am unable to comment as to
why I am listed as an assurer or an owner.
Organisation and structure of the Security Team
35. The Inquiry has asked that I comment on the organisation and structure of the
Security Team, and any significant changes made during my time as Head of
Security. I have provided general commentary on this at paragraphs 8 to 16
above but will elaborate further here.
36.As outlined, I inherited the Security Team in 2007 and restructured it into
strands, each strand with a separate function and set of responsibilities and
disciplines. There were no major changes to this general structure, save for
the aforementioned reassignment of the Information Security strand (in 2009
to 2012), and the merging of the Fraud and Physical Security Operations
strands.
37. From 2007 until approximately 2010 or 2011, I reported into the Director of
Operations, a role held respectively during that period by Ric Francis, Dave
Smith (temporarily, for about three months) and finally Mike Young. In 2010
or 2011, I began reporting into POL’s General Counsel instead. Susan
Crichton was General Counsel from around 2010 or 2011 until 2013. She was
succeeded by Chris Aujard in 2013, and then by Jane McCloud who assumed
the role in 2015.
Page 13 of 58
WITN08390100
WITN08390100
38.Whilst part of RMG, the Head of Security role had a “dotted line” reporting into
the RMG Group Security Director. From 2007 to about 2008, I reported to
Andrew Wilson and thereafter his successor Tony Marsh who was my
predecessor as Head of Security POL. This naturally ceased at separation.
39. The management structure of each strand varied slightly from strand to strand
but, as a rule, each team was led by a Senior Security Manager (or “head of’),
who reported up to me, with at least one other senior manager underneath.
All operational team members were middle managers or above. As previously
mentioned, I had one-to-one monthly meetings with the head of each strand,
during which they could raise any issues or concerns. I do not recall that any
issues in respect of the integrity of investigations or investigator's capability
were ever flagged to me, as explained earlier.
40.The Fraud strand, which from around 2011 merged with Physical Security
Operations strand to become the Security Operations strand, was the strand
responsible for carrying out criminal investigations. The team was led by a
Senior Security Manager who went under different informal titles during the
period in which I was Head of Security. They were colloquially known as the
“head of’ whatever the team was called at any given time. This role was held
by Tony Utting on a long term basis until 2007. Tony was succeeded by Dave
Pardoe, followed by lain Murphy (2010/2011), Rob King (2011/2012) and
finally Amy Quirk (2015) who was still in the role when I left POL in 2016. An
individual called David Pettit may also have performed this role for a short
Page 14 of 58
WITN08390100
WITN08390100
period. This Senior Security Manager was supported by another senior
manager and team leaders, who the investigators reported up to. There was
no direct reporting line from the investigators up to me.
The operation of investigations
41.1 have been asked numerous questions pertaining to the operation of
investigations during my tenure at POL, specifically with regards to:
i. who within the investigation team determined how a criminal
investigation would be conducted;
ii. the role and involvement of the Financial Investigation Unit (“FIU”);
iii. the role and involvement of other teams in the process;
iv. what legislation, policies, guidance and / or principles governed the
conduct of investigations and how this changed;
v. the process for dealing with complaints about conduct of an
investigation;
vi. the supervision conducted over investigations by Security Managers;
vii. I POL’s approach to suspected fraud and combatting fraud; and
viii. I any differences in, and changes to, the policy and practice regarding
the practice of Crown Office employees.
42.I have addressed these questions as far as I can in the paragraphs that follow,
but as explained above, I was not involved in the day-to-day operations of any
of the strands, including the Fraud/Security Operations strand. I would only
Page 15 of 58
WITN08390100
WITN08390100
have had awareness of specific cases on the rare occasions on which they
were escalated to me. Likewise, I only had and have limited knowledge on the
mechanics of an investigation.
43. The Fraud strand senior management and team leaders were responsible for
the conduct of the investigations along with the investigators. As explained at
paragraph 18, I was told by my predecessor that the investigators in the team
were experienced and I understood that they were well versed in investigative
processes. I therefore assume that it would have been the investigators
themselves who would decide how a criminal investigation would be
conducted, applying the relevant policies as appropriate.
44. In terms of the FIU, this was a subgroup that always sat within the Fraud
strand, including before it became part of the new structure in 2007. I did not
set up the FIU; the team was already established when I assumed my role as
Head of Security. This team was comprised of qualified financial investigators
with various powers under the Proceeds of Crimes Act 2002, who were
trained, assessed and qualified by the police service. I understand that the
police provided supervision and oversight of their activities although I am not
certain on what basis. I am not able to comment on the specific circumstances
and process for engaging the FIU in an investigation.
45.From my knowledge I can say that the Fraud/Security Operations strand was
free to call upon any other team to assist with their investigation, including the
Legal Team (as explained further later in this statement), other operational
Page 16 of 58
WITN08390100
WITN08390100
teams and MI teams. They could also access external vendors such as
Fujitsu, Camelot and the ATM providers. The investigators would have had
constant engagement with wider teams in POL.
46.With regards to the legislation, policies, guidance and / or principles governed
the conduct of investigations, I have a general awareness of the application
of certain criminal legislation to criminal investigations. I am aware that such
legislation applied to POL investigations subject to their respective jurisdiction
(ie. England and Wales, Scotland and Northern Ireland). As with all law
related matters, the Legal Team would have been expected to provide
guidance and direction as required. In terms of applicable policies and
guidance, I have read the various RMG and POL policies which governed
POL investigations but I cannot recall seeing these documents before (though
I may well have done) and I have no detailed knowledge of how investigation
procedures were implemented. Similarly, I am not able to comment on any
changes in respect of any relevant policies, guidance or principles; I was not
involved in any such changes.
47. In terms of complaints, I would have been aware that there was a complaints
process for investigations in place at POL and I have seen POL00104893 in
the Inquiry document bundle which details how to deal with complaints from
suspects. However, I do not recall this document and was not involved in
dealing with complaints generally, except on rare occasions when they were
escalated to me.
Page 17 of 58
WITN08390100
WITN08390100
48.In terms of the supervision of criminal investigations, investigators were
managed and supervised by team leaders, who in turn were supervised by
the senior managers. I would have expected any issues that required my
attention or involvement to have been escalated to me. My recollection is that
this happened infrequently.
49.Turning to explain POL’s approach to suspected fraud and the responsibilities
of the Security Team in combatting fraud, when I took up the role of Head of
Security in 2007, there was a strong pro-prosecution stance in respect of
losses resulting from fraud. As outlined at paragraph 24 above, I stepped into
the role with a more holistic view and agenda for dealing with losses generally,
and aimed to promote a broader strategy for the Security Team which would
focus more on prevention. The approach to combatting fraud was therefore
twofold; to investigate and prosecute fraud where appropriate in line with the
policy requirement, but also to look for ways to identify and prevent fraud
through other means.
50.On the preventative side, I had established the previously mentioned Fraud
Prevention team within the Fraud/Security Operations strand who were
helping to drive data analysis of root causes in respect of fraud and losses,
and to formulate controls to prevent loss and fraud. On the prosecutorial side,
namely where fraud was suspected, the investigators within the
Fraud/Security Operations strand would investigate and progress the case
accordingly. The FIU might feed into the prosecutorial approach, but as
mentioned above, I do not know the specific circumstances in which they
Page 18 of 58
WITN08390100
WITN08390100
would be engaged in an investigation, or triggers to their involvement.
51.Finally, with regards to investigations concerning Crown Office employees; as
far as I am aware, there was no distinction drawn between Crown Office
employees and SPMs in terms of the policies and practices regarding
investigation.
Specific policies
52.The Inquiry has asked me to specifically consider POLO0104900 and to
comment on the impact that the separation of POL from RMG had on the
criminal investigations policy within POL. I am not aware of any significant
impact; POL of course adopted its own policies, though as far as I am aware
these largely reflected the previous RMG policies and prosecutions continued
as they had before.
53.Similarly, I have been asked to comment on the rationale behind the
development of a Post Office specific “Conduct of Criminal Investigations
Policy” in 2013 (which I understand is a reference to POL00094143) and to
advise whether the draft “Post Office Fraud and Loss Prevention Policy” from
2013 at POL00038603, was ever finalised or approved. I do not recall seeing
these policies before. I am not aware of the rationale for the development of
POL00094143 and I do not recall making any contribution to it. I note that I
am listed as having reviewed and signed off on POL00038603 and I am not
sure why that is the case. I do not know if this policy was ever finalised or
Page 19 of 58
WITN08390100
WITN08390100
approved.
54.1 have also been asked to consider the document entitled “Security Team
Objectives 2013 — 2014” dated April 2013 at POL00105025. In particular, I
have been asked to explain what the Loss Reduction Board and the related
Loss Reduction Programme were, when they were set up, and what their
purpose was.
55.POL00105025 sets out the objectives of every member of the Security Team
for 2013-2014. I recall that this document was produced ahead of one of our
annual POL Security Team conferences. The conference was a two-day event
for the entire Security Team, during which we discussed the objectives for the
next 12 months, heard from various strands about the specific work they had
been doing, and engaged in team building activities. I do not know why
POL00105025 was produced but I think it must have been to provide visibility
of the objectives across the strands. I do not believe such a document was
ever produced again, although everyone had objectives set each year.
56. I can see that the Loss Reduction Programme and Loss Reduction Board are
referred to under my objectives. I can confirm that I was responsible for driving
and overseeing both of these areas.
57.POL’s loss ledger included losses from across the entire business, including
criminal losses such as fraud, burglary, robbery and kidnapping and non-
crime related losses. The Loss Reduction Programme was a project centred
Page 20 of 58
WITN08390100
WITN08390100
on driving down the non-crime related losses on the ledger. The purpose of
the Loss Reduction Board was to oversee the programme and to consider
how to deal with the losses. Crime related losses were dealt with separately.
58.1 am not exactly sure when this programme was set up, but I think that it was
some time in 2013. I recall that I set up monthly meetings for the Loss
Reduction Board which I chaired, and that I assigned Tony Newman, a Senior
Manager from the Commercial Security strand, as the project lead. He was
responsible for liaising with the relevant stakeholders on the project.
3. Policies and processes governing audits and suspensions
Audits
59.The Inquiry has asked me to address various questions about audits,
including their relevance to, and impact on, prosecutions. These questions
require me to comment on:
i. the circumstances in which an auditor would be sent to conduct an
audit at a Post Office Branch;
ii. the circumstances around an investigator’s attendance at, and role in,
Branch audits;
iii. how short falls identified as part of an audit were dealt with;
iv. cash verification exercises; and
v. _ the process followed by Security Team investigators when conducting
Page 21 of 58
WITN08390100
WITN08390100
a criminal investigation following the identification of a shortfall at an
audit.
60.My insight into the audit process is limited, as the Audit team was a wholly
separate team to the Security Team during my tenure. I am therefore unable
to explain the specific circumstances in which an auditor would be sent to
conduct a Branch audit. The Security Team could instigate an audit as they
so desired and there were probably a range of circumstances which might
trigger this course of action. For example, where an outlier was spotted as a
result of analysis that the team had carried out, or where an issue was raised
by the POL Network.
6
.In respect of the circumstances around an investigator's attendance at, and
role in, Branch audits I have been referred to POL00084813. This is a guide
on audit attendance and it is not a document that I recognise and is most likely
an Audit team document. I would think that the terms of any audit attendance
would be organised by the investigator and / or team leader / management of
the Fraud/Security Operations strand with the relevant auditor.
62.1 have been asked several questions in respect of shortfalls identified during
an audit. First, I have been asked to advise who the auditor would report
shortfalls or discrepancies to. I am unable to comment on this; I have no
awareness of the what the Audit team’s notification or escalation processes
were.
Page 22 of 58
WITN08390100
WITN08390100
63.Secondly, I have been asked to explain what and who determined whether an
investigation into potential criminality was conducted by the Security Team
where a shortfall was identified, or whether the case was taken forwards as a
debt recovery matter by the Financial Services Centre and / or the relevant
Legal Team. I have also been asked to explain whether this process changed
during my tenure. I recall that as a general rule, it would be the Network
managers (a Branch manager, for example) who would request the
assistance of the Security Team. They may have had criteria to meet in order
to trigger an investigation, but I have no knowledge of this. If the investigator
had requested the audit, then the investigator would be involved in the
decision to investigate. I am not aware of any change to this process
throughout my tenure.
64. Thirdly, I have been asked whether the SPM'’s local contract manager would
have had any input into the decision to investigate where a shortfall was
identified following an audit, and whether this changed during my tenure. As
explained above, Network managers did have input into the decision-making
process, as they were the persons who decided to report to the Security Team
or not. I am not aware of any changes being imposed.
65. Finally, I have been asked what the triggers / criteria were for raising a fraud
case following the identification of a shortfall / discrepancy ina SPM’s Branch,
whether the triggers / criteria for raising a theft or false accounting case were
different and if so what were they, and whether this changed during my tenure.
I have been referred to Appendix 1 of POL00104825 as a document aid. I can
Page 23 of 58
WITN08390100
WITN08390100
see from this document that there were triggers / criteria for raising a fraud
case and I do not believe there would have been different triggers for raising
a theft or false accounting case. However, this is not within my knowledge and
I cannot confirm.
66.1 note that the Inquiry has specifically highlighted that by February 2013 there
was a set process/order of steps for Security Team investigators to follow, as
per POL00105223, and it has asked me to comment on how the process was
different prior to this date. I cannot recall this document; however, I do not
recall any significant changes to this process being escalated.
67.In respect of cash verification exercises, I have been asked to consider
POL00104825, which is a memo to the Security Team dated 15 December
2009. Specifically, I have been asked to explain the rationale for conducting
cash verification exercises in all Branches “(except Crowns)” ahead of the
migration to Horizon online, and to explain the impact of this requirement and
the migration to Horizon online more broadly on the work of the Fraud strand.
I do not recall this memo and I do not know whether I have seen it before.
However, I can understand its contents and I am therefore able to comment
on it.
68.The memo refers to a one-off programme of audit visits which were to take
place ahead of the transition from Horizon Legacy (Horizon Version 1) to
Horizon Online (Horizon Version 2). As part of the transition programme, it
was decided that, upon transfer, every office would go through a cash and
Page 24 of 58
WITN08390100
WITN08390100
stock verification exercise. I do not recall that the Crown Offices were not
included. I do not know why that was the case.
69.The rationale for conducting these audits was to ensure that any
discrepancies in the old system (Horizon Version 1) were addressed and not
carried through to the new system. I cannot specifically recall what the impact
of these audits was, nor can I recall the impact of the migration on the work of
the Security Team generally. As suggested by the memo, a possible spike in
the number of frauds uncovered was expected upon migration to Horizon
Online. I do not recall whether this spike did in fact materialise.
70.1 have also been asked to consider Appendix 2 within POL00104825, in
respect of the aforementioned cash verification exercise, which sets out three
levels of security officers. The Inquiry has asked me to advise whether the
requirement for cash verifications to be carried out at all non-Crown Branches
impacted upon the decision making around what level of officer should be
involved in potential fraud investigations. All investigations were led by, what
is defined within this document as, a level 1 competent investigator regardless
of Branch type or investigation type.
Suspensions
71. In respect of suspensions, I have been asked to comment on how decisions
about suspensions were linked to decisions about whether or not to raise a
fraud case. I have also been asked to consider and to explain the Security
Page 25 of 58
WITN08390100
WITN08390100
Team's role in suspension decisions where a shortfall was identified by an
audit, and whether the decision-making around suspensions differed as
between Crown Office employees and SPMs.
72.1 am not aware of a connection between a suspension and a decision to raise
fraud case. Any decisions around suspensions were considered in their own
right and the Security Team had no role in making them. The POL Network
would decide whether they wanted to suspend an individual or not. There
were times when investigators effected suspensions based on the decision of
the relevant Network manager and line management after investigation
findings were fed back to them, but investigators were never involved in the
suspension decision itself. It follows that I cannot comment on any differences
in the decision-making process with regards to Crown Office employees and
SPMs as the Network would make these decisions. I have considered
POL00104809 and POL00105231 which the Inquiry has highlighted as
relevant to the issue of suspensions. I do not recall seeing these documents
before and they do not affect the answer I have given.
4. Policies and processes relating to prosecutions
Prosecution policies
73.The Inquiry has asked me to consider the following policies and explain my
role in their development: POL00030659; POL00030800; POL00031011;
POL00030580; POL00031008 (in particular, paragraph 3.2.9);
Page 26 of 58
WITN08390100
WITN08390100
POL00030598; POL00030685; POL00031034; POL00104929;
POL00105226; POL00030602; POL00030686; and POL00030811. I do not
recall these policies and had no role in their development, including those that
list me as an owner or assurer, such as POL00030580. Any policies on
prosecution would have been decided by RMG prior to separation, and post
separation by the POL Board and the Legal Team.
74.1 have also been asked to describe POL’s prosecution policy, the rationale
behind it, its aims and any way in which is changed during my time at POL. I
have already provided commentary on this as far as I am able to, at
paragraphs 28 to 30, and 49 to 50 above.
Decision making
75.1 have been asked to explain who decided whether a SPM or Crown Office
employee should be prosecuted by POL, and what considerations determined
whether a prosecution was brought.
76.Until 2013, prosecution decisions were signed off by the head of the
Fraud/Security Operations strand. Investigators and their managers had an
open line of communication with the RMG or POL Legal Team, who would
provide the direction on prosecutions. I took over the “sign off’ function in mid
to late 2013. The process I adopted in assuming this decision maker role was
to review and consider the entire investigation file, including any notes or
advice from the POL Legal Team. As previously mentioned, I recall that I did
Page 27 of 58
WITN08390100
WITN08390100
authorise a number of prosecutions, however I do not recall any being
progressed as a new subject matter expert had not been identified.
77.The Inquiry has also asked whether the SPMs' local contract manager would
have any input into this decision-making process and whether this changed
during the period I work at POL. In addition, it has asked me to explain the
test for prosecution and public interest applied to cases.
78.1 do not know to what extent the local contract manager had any input into the
decision-making process, although I would have expected that there would
have been informal discussion between the investigator and the Branch. In
terms of the test for prosecution and public interest, this is something the Legal
Team would have provided advice on. I have seen the test mentioned in the
documentation provided by the Inquiry which would have provided the
direction of decision making at the time.
79.1 note that the Inquiry has requested my insight on what advice, legal or
otherwise, was provided to those making decisions about whether to
prosecute a SPM or Crown Office employee, whether legal advice was
provided internally or externally, and whether a particular approach applied to
cases where a shortfall was identified on audit.
80.As previously stated, all advice and direction on prosecutions decisions was
provided by RMG or POL’s lawyers, with whom the investigators and their
managers had an open line of communication. In addition, the team was able
to liaise with POL’s external lawyers in respect of advice on prosecutions. I
Page 28 of 58
WITN08390100
WITN08390100
am not aware of an alternative approach being applied to cases where a
shortfall was found during audit, but I cannot really comment because I was
not involved in dealing with audits.
81.The above only describes the position in England and Wales. My
understanding is that in Scotland the decision to prosecute was taken by the
Procurator Fiscal, and in Northern Ireland by the Public Prosecution Service,
in both cases, on the basis of their review of the evidence presented to them
by the POL investigators.
Financial Restraint and Confiscation
82. The Inquiry has asked me to explain in what circumstances steps to restrain
a suspect's assets by criminal enforcement methods, such as confiscation
proceedings, would be considered. More generally, it has asked who decided
whether such proceedings should be pursued and what factors they
considered in making such a decision.
83.1 am unable to answer either of these questions as I would not have had any
involvement in this process or decisions, although policies were in place. Any
decisions on criminal enforcement methods would be dealt with by the FIU
with their senior managers with direction and advice from RMG or POL’s
lawyers.
Page 29 of 58
WITN08390100
WITN08390100
TRAINING, INSTRUCTIONS AND GUIDANCE TO INVESTIGATORS WITHIN THE
SECURITY TEAM
84. With respect to training and guidance given to investigators I have been
asked to provide information on:
1) training, qualifications and / or experience required for an investigator
within the Security Team to be able to conduct investigations where a
SPM / SPM’s assistant / Crown Office employee was suspected of a
criminal offence and whether these requirements changed;
2) documentation, instructions, guidance and / or training given to
investigators within the Security Team in respect of:
vi.
vii.
viii.
interviewing a SPM / SPM’s assistant / Crown Office employee
who was suspected of a criminal offence;
. taking witness statements in the course of an investigation;
conducting searches in the course of an investigation;
the duty of an investigation to investigate a case fully;
obtaining evidence in the course of an investigation;
whether, and in what circumstances, evidence should be sought
from third parties who might hold relevant evidence and, in
particular, Fujitsu, where shortfalls were identified in Branch;
an investigator's disclosure obligations; and
drafting investigation reports to enable a decision to be made
Page 30 of 58
WITN08390100
WITN08390100
about the future conduct of a case.
85.In considering the training, qualifications and / or experience required for an
investigator within the Security Team to be able to conduct investigations
where a SPM/ SPM’s assistant / Crown Office employee was suspected of a
criminal offence (and whether these requirements changed) I have been
directed to consider the following documents: Appendix 2 of POL00104825,
POL00104805, POL00104932, POL00104944, POL00104945,
POL00104948, POL00104953, POL00104952, POL00104986,
POL00104989, POL00105002, POL00105008 and POL00105099.
86.1 do not recall these documents, though I may have seen some of them when
I worked for POL. I have a general understanding of the training, qualifications
and experience required for the role of a POL investigator based on my own
knowledge. These requirements would have been set and assessed by the
RMG, and then later by POL Security Operations senior management.
Similarly, where new investigators were being recruited — although I was not
involved in the process apart from for senior managers - my messaging to the
team was that they should look to hire individuals with a police or law
enforcement background which would be an advantage, on account of the
skills and experience those individuals would bring. I do not recall being
informed of any changes in respect of the training, skills and experience
required of investigators.
87. Similarly, I am unable to comment on any instructions, guidance and / or
Page 31 of 58
WITN08390100
WITN08390100
training given to investigators within the Security Team in respect of the areas
listed at (i) to (viii) above. I note that the Inquiry has provided various policies
in relation to each of the areas, asking whether these documents were
provided to investigators and for a summary of the key points in each. For
brevity I do not cite all these documents here, but they have been included in
the Index to this statement. Nevertheless, as before, I do not recall these
documents; I do not know if or how they were provided to the investigators,
however I would expect the Fraud strand senior management to have
provided them.
ANALYSING HORIZON DATA AND REQUESTING ARQ DATA FROM FUJITSU
88. The Inquiry has asked me to answer a range of questions in respect of:
1) my knowledge on Horizon data; and
2) ARQ requests.
1. My knowledge on Horizon data
89.The Inquiry has directed me to consider the last heading on page 6 of the
document entitled “Security Operations Casework Review” (February 2013)
at POL00105223. I have been asked to comment on what analysis was done
by Security Team investigators on Horizon data when a SPM / SPM's
assistant / Crown Office employee attributed a shortfall to problems with
Page 32 of 58
WITN08390100
WITN08390100
Horizon, prior to the introduction of the tool Credence (which the Inquiry
understands to have been introduced in 2009).
90. I note that the heading I have been referred to on page 6 of POL00105223 is
“Credence”. I do not recall or have any knowledge of Credence or when it was
introduced.
91.1 do not know what analysis was done on Horizon data where a SPM/ SPM's
assistant / Crown Office employee attributed a shortfall to problems with
Horizon. I was not routinely notified of such issues; these would have been
dealt with by the management team in the Fraud/Security Operations strand.
92.1 have also been asked to explain the process for requesting Horizon data
from Fujitsu and how that process changed over time. In general terms, I know
that investigators would have been able to obtain information from Fujitsu, the
system developer, but I do not recall exactly how such information was
requested and obtained.
93.1 have also been asked to advise whether POL00105213 is of relevance to
this question and if I can assist with the likely date of the document. I do not
recall this document and have no idea of its date.
2. ARQ Logs
94.In respect of ARQ logs, the Inquiry has asked me to:
Page 33 of 58
WITN08390100
WITN08390100
i. outline my understanding of ARQ logs and their use, as well as any
other logs I was aware of and how they differed from ARQ logs;
ii. confirm whether there was a formalised process for requesting ARQ
data from Fujitsu prior to the publication of POL00105222 in September
2013;
iii. I explain who made the decision as to whether ARQ data was requested
from Fujitsu in any given case;
iv. comment on whether ARQ data was requested as a matter of course
where a shortfall had been identified and the relevant SPM / SPM’s
assistant/ Crown Office employee attributed the shortfall to problems
with Horizon but did not have corroborating evidence of material
problems with Horizon, and if not, why not; and
v. comment on whether ARQ data was provided to the relevant SPM as
a matter of course where such data was obtained from Fujitsu in
circumstances where a shortfall had been identified and the relevant
SPM was attributing the shortfall to problems with Horizon (considering
POL00004708).
95.1 am aware that ARQ logs were provided for within the Security Team budget.
I understood that ARQ was used as data analysis of the Branch activity in
question, but I have no knowledge of precisely what information was actually
contained in the report or how it was used. These records would have been
managed by investigators and the managers in the Fraud strand. I was not
involved in the process and had no awareness generally of how and when
ARQ data was requested from Fujitsu, how decisions were made and whether
Page 34 of 58
WITN08390100
WITN08390100
SPMs were provided with any data that was obtained.
96.1 have considered POL00105222 and POL00004708 and cannot comment in
respect of either document. I note that POL00004708 is an email chain which
refers to such a shortfall situation and a request for data. I am not part of the
email chain and do not recall seeing it before. I was not involved in these types
of discussions, as a matter of course.
ALLOCATION OF RESOURCES AND_ PRIORITISATION OF CRIMINAL
INVESTIGATIONS
97.1 have been asked to consider POL00031003 (in particular, sections 5.5 to
5.7) and POL00030786 (in particular, section 4) and to explain:
1) what principles governed the prioritisation of criminal investigations
where the level or volume of crime activity affecting a business unit
exceeded its capacity to investigate;
2) what factors were relevant when deciding on the level of resources to
be allocated to a criminal investigation, and who had responsibility for
making this decision; and
3) during my time as Head of Security, what factors I considered to be
relevant to any decision I made regarding the allocation of resources
for criminal investigations across business units.
Page 35 of 58
WITN08390100
WITN08390100
98.1 do not recall either POLO0031003 or POLO0030786. The prioritisation of
cases and allocation of resources was determined by management within the
Fraud strand, I assume in accordance with the relevant guidance and policy.
I do not recall any particular concerns being raised to my attention regarding
these issues.
99.As I took a fraud and loss preventative approach through in depth data
analysis, alternative loss and fraud preventative methods were adopted and
thereby investigations would not necessarily be the primary choice of
direction. Around 2008-2009, the Group Security Director of RMG to which I
had a reporting line, Tony Marsh, challenged this approach and insisted on
full investigations to be carried and prosecutions conducted where
appropriate. An assessment identified that this would require a further 40-50
investigators and after discussions at senior executive level by RMG and POL,
the preventative approach was accepted and adopted as the way forward for
POL.
100. With regards to the question as to what factors I considered relevant to
resource allocations, I was not specifically required to consider the allocation
of resources for criminal investigations across RMG business units (Royal
Mail Letters, Parcel Force etc). I was responsible for allocating resources
across the POL Security Team strands which I would do in conjunction with
the heads of the strands; we would discuss the priorities across the team and
workloads and design a structure to meet the requirements with the head
count we had. As the team head count reduced over time, the Fraud strand
Page 36 of 58
WITN08390100
WITN08390100
and Physical Security Operations strand were merged to become multi-
skilled, as discussed at paragraph 14.
CASES AGAINST SPMS
101. I have been asked to comment on my recollection of the criminal cases
against the following SPMs:
1) Nichola Arch;
2) Susan Hazzleton;
3) Lisa Brennan;
4) David Yates;
5) Carl Page;
6) David Blakey;
7) Tahir Mahmood;
8) Oyeteju Adedayo;
9) Hughie Thomas;
10) Suzanne Palmer;
11) Janet Skinner;
12) Jo Hamilton;
13) Pauline Stonehouse;
14) Susan Rudkin;
15) Julian Wilson;
16) Peter Holmes;
17) Seema Misra;
Page 37 of 58
WITN08390100
WITN08390100
18) Allison Henderson;
19) Alison Hall;
20) Joan Bailey;
21) Lynette Hutchings;
22) Grant Allen;
23) Khayyam Ishaq;
24) Angela Sefton; and
25) Ann Neild.
102. The only case I can recall from this list is the case of Susan Rudkin. I do
not recall the case in detail, but I recall that an aspect concerning the
appropriate calculation of the benefit of her alleged fraud for the purposes of
post-conviction confiscation proceedings was brought to my attention. I recall
this because I was surprised to discover that some element of uplift was added
to the amount said to have been stolen, which I thought was unfair
103. The Inquiry has also asked whether there are any prosecutions I had a
role in that I consider relevant to the matters being investigated by the Inquiry
(in particular, bugs, errors and defects in the Horizon IT System) and whether
I have any concerns about any such cases. I do not recall having an
operational role in any of the prosecutions listed.
KNOWLEDGE OF BUGS, ERRORS AND DEFECTS IN THE HORIZON SYSTEM
104. The Inquiry has asked whether I have, or whether I was aware of, any
Page 38 of 58
WITN08390100
WITN08390100
concerns regarding the robustness of the Horizon IT system. I do not recall
having any particular concerns about the robustness of Horizon during my
tenure. To the contrary, I understood that certain issues within the system had
been identified but the messaging within the business was that any issues
were not systemic, and that the Horizon system was robust. I did not have any
reason to believe this was not the case.
105. I have also been asked to consider section 6 for POL00086845 and
POL00088867 which are accounting losses policies, and to comment on
whether the suggestion that system faults with Horizon were “very rare”
corresponded with my understanding of the position in 2003.
106. I do not recall either POLO0086845 and POL00088867 and I had no
understanding of the position in respect of Horizon system faults in 2003. As
noted, I did not become Head of Security until 2007; in 2003 I was the Head
of Security for Royal Mail International, which was a different business unit
within RMG.
CHALLENGES TO THE INTEGRITY OF HORIZON AND POST OFFICE
INVESTIGATIONS
107. The Inquiry has highlighted that I was involved in an email exchange in
February to March 2010 (POL0005437 71), in which it was suggested that there
should be a ‘general’ due diligence exercise on the integrity of Horizon. I have
been asked whether such a ‘general’ due diligence exercise happened at this
Page 39 of 58
WITN08390100
WITN08390100
stage and if not why not. I have no recollection of this email correspondence
but note that I appear to have been copied to it. I do not recall being involved
in any conversations about it and I do not recall whether a due diligence
exercise happened at this stage.
108. A specific IT article is referred to within the aforementioned email chain
at POL00054371, and the Inquiry has asked me to confirm whether I read this
article, and if so, what my reaction was. I do not recall this article; however, it
is most likely I would have read it. I do not recall what my reaction to it was at
the time.
109. I have also been asked whether the challenges to the integrity of
Horizon changed my approach to decisions on whether individuals should be
prosecuted following the discovery of shortfalls in their Branches on audit and
if so how. My attention has been drawn to POL00030689 and POL00103242
in considering these questions.
110. I do not recall POL00030689. I can see this is an email from me to Chris
Aujard who was my then line manager. I think this was soon after he took up
the role. I do not recall the email or the reason for sending it. I do not have
access to the documents attached and I do not recall what they contained
though to some extent they are described in the email.
111. I also cannot recall POLO0103242. I do not remember the details of the
case referenced (Bashir) but I can see that I referred it on to Rodric Williams
Page 40 of 58
WITN08390100
WITN08390100
who was the lawyer responsible for Second Sight and Horizon issues.
112. There was never a time prior to my departure from POL when I
considered that the integrity of Horizon, in terms of its use as a source of
evidence in criminal investigations and prosecutions, was a problem. Even
after the Second Sight report, the message to the business was that Horizon
was reliable and its use in criminal investigations appropriate. My
understanding of the reason for pausing the prosecution of new cases from
2013 was the need to identify a new subject matter expert after the Second
Sight report raised questions about the current one (see below).
113. I have been asked to consider POL0O0026572, POL00043531,
POL00107129 and POL00099608, and to comment on my involvement in any
investigations carried out into the integrity of Horizon. I have been asked to
comment particularly with regards to the investigation, advice or reports that
were carried out by:
1) Second Sight
2) Cartwright King
3) Simon Clarke
4) Brian Altman
5) Jonathan Swift KC
6) the Bates & Others Group Litigation.
114. In respect of the listed policies; I do not specifically recall
Page 41 of 58
WITN08390100
WITN08390100
POL00026572, POL00043531, POL00107129 or POLO0099608, and
although I note that I am included as a recipient for some of these documents,
I am unable to comment on them.
115. I have set out my knowledge in respect of the individuals/cases
mentioned at (1) to (6) below.
1. Second Sight
116. Second Sight were forensic accountants appointed by POL to look into
the Horizon System. I think I may have had one telephone call with them very
early on in the process before I asked an Investigations team leader, Dave
Posnett, to liaise with them and facilitate the flow of any information they
required. I do not believe I ever liaised with them again. I know that they
published an interim report on their findings in July 2013. I cannot recall being
called into any meetings to discuss the findings. Broadly, I was aware of the
findings of the report. I remember that bugs were identified in the Horizon
system but, these issues were not considered systemic or significant in terms
of the reliance placed on it in criminal investigations. The concern I recall
hearing about, was that as a result of the Second Sight report, POL would no
longer be able to use the Fujitsu subject matter expert. This was the reason
why, around this time, POL had to set about finding a different expert witness.
However, prosecutions could not progress until such an expert witness was
identified. As far as I recall no new prosecutions after this time proceeded to
court. This was the position as at the date that I left POL.
Page 42 of 58
WITN08390100
WITN08390100
2. Cartwright King
117. Cartwright King were external lawyers appointed by POL. They did not
become known to me until just prior to or after the separation from RMG, but
it is possible that they had been brought on board as external counsel to
advise the organisation before this. I was aware in 2013 that they were
carrying out a review of criminal cases and my team was authorised to provide
them with the relevant papers. I was not involved in this review. Although not
in my direct knowledge, at some point, though I cannot remember the date,
Cartwright King attended monthly investigation case meetings which I had set
up to review the status of investigation and prosecution cases.
3. Simon Clarke
118. Simon Clarke is a senior lawyer at Cartwright King. It is possible that I
may have met him on a few occasions, but I am unable to recall exactly. I did
not have any day-to-day interaction with him.
119. In 2021 I became aware that Mr Clarke, in 2013, had provided two
written advice notes for POL, one in respect of the Second Sight findings on
the Fujitsu expert, Gareth Jenkins, and another on the disclosure obligations
of a prosecutor. During the course of the 2021 Court of Appeal hearings in the
Hamilton & Others Litigation - where several criminal convictions of SPMs
were overturned - I became aware that the latter advice on disclosure
contained an allegation in respect of a POL senior officer. The allegation
Page 43 of 58
WITN08390100
WITN08390100
centred on an order supposedly given to shred the minutes of a meeting where
Horizon issues escalated from the Network had been discussed. In the course
of hearings, I was identified as the individual who had allegedly given this
“shredding” instruction.
120. I know now, from reading the second Clarke advice, that the meeting
during which it is alleged that I gave this instruction was the third meeting in a
series of meetings set up in July 2013. Cartwright King were in attendance at
all the meetings to provide legal advice. I do not recall the specifics, but in
general terms I recall that these meetings were set up post publication of the
Second Sight interim report to consider holistically Horizon issues being
reported, and that various stakeholders across the business attended. Without
access to the underlying material, and with the passage of time, it is
impossible for me to recall with any certainty what instructions I gave during
the relevant meeting and for what purpose. I can however, say categorically,
that I never gave any instruction to shred documents or any instruction that
was motivated by any intention to suppress disclosure or otherwise interfere
with the POL’s disclosure and their legal obligations in respect of the
prosecutions being brought. I can also say that I was never criticised or
disciplined. As noted above, around this time I was tasked by Susan Crichton
to review and agree all decisions to prosecute, and I certainly do not recall her
saying anything to me about any suggestion that I had given such an
instruction.
Page 44 of 58
WITN08390100
WITN08390100
121. I do recall a meeting with Susan Crichton a while later where she raised
the requirement for a more structured centralised issues log which was not in
place at that time. Additionally, disclosure was discussed and the whole
Security Team subsequently went through disclosure training provided by
Cartwright King.
4. Brian Altman KC
122. lam aware of Brian Altman KC but I had limited dealings with him. I
believe that I may have met him once in 2015 or 2016 at a meeting I was
asked to attend by my line manager at time - POL General Counsel, Jane
McCloud. I do not recall why I was asked to attend the meeting or what was
discussed. I was aware in September or October 2013 that a QC was
commissioned to review POL’s investigation and prosecution framework. I
know now that Mr Altman was the person who conducted that review, but I did
not know at the time. To the best of my recollection I never saw the report, or
its findings; I heard about it from my line manager of the time, Susan Crichton.
I recall that her messaging was that the report did not suggest any issue with
prosecutions continuing and that the investigations were being conducted
effectively.
5. Jonathan Swift KC
123. lam not familiar with Jonathan Swift KC. I do not believe that I have met
or had any engagement with this person and so I am unable to comment on
Page 45 of 58
WITN08390100
WITN08390100
any investigations, reports or advice which may concern him.
6. The Bates & Others Group Litigation
124. I am aware of the Bates & Others Group Litigation. However, I was not
party to those proceedings and I was not called upon to provide any evidence,
in writing or orally.
OTHER MATTERS
125. The Inquiry has asked me to highlight any other matters I wish to bring
to the attention of the Chair. I can confirm that I have no further matters which
I consider relevant to raise at this time.
Page 46 of 58
WITN08390100
WITN08390100
Statement of Truth
I believe the content of this statement to be true.
Dated: 12 Max 2023
Page 47 of 58
Index to First Witness Statement of John Scott
WITN08390100
WITN08390100
No.
URN
Document Description
Control Number
LCAS0000124
A brief History of Investigations,
Prosecutions and Security in Royal
Mail
VIS00010364
POL00030578
$02 Royal Mail Group Ltd Criminal
Investigation and Prosecution Policy
(1 December 2007)
POL-0027060
POL00104812
Royal Mail Group Ltd Criminal
Investigation and Prosecution Policy
(1 December 2007)
POL-0080444
POL00104806
Royal Mail Group Security —
Procedures & Standards — Standards
of Behaviour and Complaints
Procedure (version 2, October 2007)
POL-0080438
POL00031004
Royal Mail Group Crime and
Investigation (S2) (version 3.0,
September 2008)
POL-0027486
POL00031003
Royal Mail Group Crime and
Investigation Policy (version 1.1,
October 2009)
POL-0027485
POL00030580
Post Office Ltd —- Security Policy —
Fraud Investigation and Prosecution
Policy (version 2, 4 April 2010)
POL-0027062
Page 48 of 58
POL00030579
Post Office Ltd Financial Investigation
Policy (4 May 2010)
WITN08390100
WITN08390100
POL-0027061
POL00026573
Royal Mail Group Security -
Procedures & Standards — The
Proceeds of Crime Act 2002 &
Financial Investigations (version 1,
September 2010)
POL-0023214
10.
POL00104857
Royal Mail Group Security -
Procedures & Standards — Initiating
Investigations” (September 2010)
POL-0080489
11.
POL00031008
Royal Mail Group Ltd Criminal
Investigation and Prosecution Policy
(version 1.1, November 2010)
POL-0027490
12.
POL00104853
Post Office Ltd Financial Investigation
Policy (version 2, February 2011)
POL-0080485
13.
POL00104855
Post Office Ltd Anti-Fraud Policy
(February 2011)
POL-0080487
14.
POL00030786
Royal Mail Group Policy Crime and
Investigation S2 (version 3.0, April
2011)
POL-0027268
15.
POL00104929
Post Office Limited: Internal Protocol
for Criminal Investigation and
Enforcement (with flowchart),
(October 2012)
POL-0080561
Page 49 of 58
16.
POL00105226
Undated Appendix 1 - POL Criminal
Investigations and Enforcement
Procedure (flowchart) (October 2012)
WITN08390100
WITN08390100
POL-0080851
AF
POL00030602
Draft Post Office Limited: Criminal
Enforcement and Prosecution Policy
(November 2012)
POL-0027084
18.
POL00031005
Conduct of Criminal Investigations
Policy (version 0.2, 29 August 2013)
POL-0027487
19.
POL00027863
Conduct of Criminal Investigations
Policy (version 3, 10 February 2014)
POL-0024504
20.
POL00030902
Conduct of Criminal Investigations
Policy (September 2018)
POL-0027384
2A:
POL00104900
Separation Project — Criminal
Investigations Policy for Post Office
Limited
POL-0080532
22,
POL00094143
Post Office Conduct of Criminal
Investigation Policy
POL-0094266
23.
POL00038603
Post Office Fraud and Loss
Prevention Policy (version 1, 1
October 2013)
POL-0027914
24.
POL00105025
Post Office Security Team Objectives
April 2013 — March 2014 (version 1,
April 2013)
POL-0080657
25.
POL00084813
Condensed Guide for Audit
Attendance (version 2, October 2008)
POL-0081871
Page 50 of 58
26.
POL00104825
Memo dated 15 December 2009
WITN08390100
WITN08390100
POL-0080457
27.
POL00105223
Post Office Security Operations
Casework Review (4 February 2013)
POL-0080848
28.
POL00104809
Royal Mail Group Security —
Procedures & Standards —
Suspension from Duty (version 1,
November 2005)
POL-0080441
29.
POL00105231
Royal Mail Internal Information —
Criminal Investigation Team — 7.11
Suspension from Duty (version 1.0
final, May 2012)
POL-0080856
30.
POL00030659
Post Office Internal Prosecution
Policy (Dishonesty) (December 1997)
POL-0027141
31.
POL00030800
Royal Mail Group Policy Prosecution
(S3) (created September 2008,
version 3 effective from April 2011)
POL-0027282
32.
POL00031011
Royal Mail Group Prosecution Policy
(version 2.1, October 2009)
POL-0027493
33.
POL00030598
Royal Mail Security — Procedures and
Standards — Prosecution Decision
Procedure (version 2, January 2011)
POL-0027080
34.
POL00030685
Royal Mail Group Prosecution Policy
(version 3.0, April 2011)
POL-0027167
Page 51 of 58
35.
POL00031034
Post Office Prosecution Policy
(version 1.0) (effective from 1 April
2012)
WITN08390100
WITN08390100
POL-0027516
36.
POL00030686
Post Office Prosecution Policy
England and Wales (effective from 1
November 2013)
POL-0027168
37.
POL00030811
Post Office Limited Prosecution
Policy for England and Wales
(version 1, 22 January 2016)
POL-0027293
38.
POL00104805
“E”- Learning — Introduction to
Investigations — Evidence & Witness
Statements (Version 3.0 11/02)
POL-0080437
39.
POL00104932
Post Office Ltd Security — Post Office
Security Team- Key Skills Database
POL-0080564
40.
POL00104944
Email chain re “Skills Matrix”
(between August 2012 and January
2013)
POL-0080576
41.
POL00104945
Email chain re “Work Stream:
Technical Skills” (January 2013)
POL-0080577
42.
POL00104948
Technical Skills Requirements from
SLT
POL-0080580
43.
POL00104953
Email re “People Plan- Training and
Development” (dated 4 February
2013)
POL-0080585
Page 52 of 58
44.
POL00104952
Post Office Ltd Security — Post Office
Security Team- Key Skills Database
WITN08390100
WITN08390100
POL-0080584
45.
POL00104986
Email chain re “People Plan- Central
Learning and Development” (April
2013)
POL-0080618
46.
POL00104989
Post Office Limited — Internal- People
Plan Workstream: Advanced
Development
POL-0080621
47.
POL00105002
Email chain re “People Plan Training
and Development- Nine Box Model”
(June 2013)
POL-0080634
48.
POL00105008
Post Office - Training and
Development Record and Request,
Etc.
POL-0080640
49.
POL00105099
Post Office - Security Manager-
Training & Induction Timetable
POL-0080729
50.
POL00104818
Royal Mail Group Security
Investigation Guidelines — Group
Investigation Circular 5 — 2008:
Written Records of Tape-Recorded
Interviews (20 November 2008)
POL-0080450
51.
POL00104836
Royal Mail Group Security
Investigation Guidelines — Group
Security Investigation Circular 5-
POL-0080468
POL-0080499
Page 53 of 58
2008: Written Records of Tape-
Recorded Interviews (version 5, June
2010)
WITN08390100
WITN08390100
52.
POL00104867
Royal Mail Internal Investigation
Team — Criminal Investigation Team
— 7.4 Interviewing Suspects (version
1.0 final, March 2011)
POL-0080491
53.
POL00104859
Appendix 1 to P&S 7.4 Interviewing
Suspects on tape — Quick Reference
Guide England and Wales (version 1,
March 2011)
POL-0080493
54.
POL00104861
Appendix 4 — Interviewing Suspects
Using Notes of Interview Quick
Reference Guide — England
& Wales (version 1, March 2011)
POL-0080507
POL-0080850
55.
POL00104875
Royal Mail Internal Information —
Criminal Investigation Team — 8.6
Written Record of Tape Recorded
Interviews (version 1.0 final, June
2011)
POL-0080459
56.
POL00105225
Investigative Interviewing — A Guide
to Interviewing (January 2013)
POL-0080458
57.
POL00104827
Royal Mail Group Security —
Procedures & Standards — Witness
Statements (version 2, January 2010)
POL-0080460
Page 54 of 58
58.
POL00104826
Royal Mail Group Ltd Security —
Procedures & Standards — Appendix
2 to P&S 5.4 — Managing the Witness
and Structure and Contents of
Witness Statements (version 1,
January 2010)
WITN08390100
WITN08390100
POL-0080481
59.
POL00104828
Royal Mail Group Security —
Procedures & Standards — Searching
(version 5, January 2009)
POL-0080523
60.
POL00104849
Royal Mail Group Security —
Procedures & Standards — Searching
(version 6, January 2011)
POL-0080480
61.
POL00104891
Royal Mail Group Ltd Security —
Procedures & Standards — Appendix
1 to P&S 5.4 — Rules and Continuity
of Evidence (version 1, January
2010)
POL-0080525
62.
POL00104848
Royal Mail Group Ltd Security —
Procedures & Standards — Appendix
1 to P&S 9.5 Disclosure of Unused
Material & the Criminal Procedure
and Investigations Act 1996 (July
2010)
POL-0080513
Page 55 of 58
63.
POL00104893
Royal Mail Internal Information —
Criminal Investigation Team —
Appendix 7 to 7.4 Dealing with
Defence Solicitors & Complaints by
Suspects (version 1, March 2011)
WITN08390100
WITN08390100
POL-0080511
64.
POL00104881
Royal Mail Internal Information —
Criminal Investigation Team — 8.2
Guide to the Preparation of Suspect
Offender Reports, England, Wales
and Northern Ireland (version 1.0
final, June 2011)
POL-0080838
65.
POL00104879
Royal Mail Internal Information —
Criminal Investigation Team —
Appendix 1 to 8.2 Suspect Offender
Reports, Preamble Guide, England,
Wales and Northern Ireland (version
1.0 final, June 2011)
POL-0080847
66.
POL00105213
Fraud Risk Security Pro-forma- Guide
to Obtaining Reports from Horizon
VIS00005776
67.
POL00105222
Security Investigations Data Handling
Process (Fujitsu Horizon Data
Request) (September 2013)
POL-0083903
68.
POL00004708
Email chain re “ARQ requests-
Barkham Post Office 212939”
POL-0085925
Page 56 of 58
(between June 2010 and October
2010)
WITN08390100
WITN08390100
69.
POL00086845
Post Office Ltd — Security Policy:
Accounting losses policy for agency
branches (version 1, February 2003)
POL-0050850
70.
POL00088867
Post Office Ltd —- Security Policy:
Liability for losses policy (for agency
branches) (version 1.7, September
2003)
POL-0027171
71.
POL00054371
Email chain re “Horizon disputed
cases” (between February and March
2010
POL-0102825
72.
POL00030689
Email re “Pending
Investigations/Prosecutions- Awaiting
SME” (7 November 2013)
POL-0023213
73.
POL00103242
Email chain re “Case v Bashir”
(August 2016)
POL-0040034
74.
POL00026572
Confidential — Horizon- Response to
Challenges Regarding Systems
Integrity
POL-0105437
75.
POL00043531
Email chain re “Weekly Horizon Call
Notes” (December 2013)
POL-0099191
76.
POL00107129
Confidential — Horizon- Response to
Challenges Regarding Systems
Integrity
Page 57 of 58
if.
POL00099608
WITN08390100
WITN08390100
Email chain re “Emailing: Clearing
Tyneside sub-postmaster urges Post
Office to admit error- Journal Live
htm” (between August and
September 2013
Page 58 of 58