Welcome back to my fourth blog on the scandal of the Post Office’s Horizon system and the devastating consequences of that system’s failures and the failure of the Post Office’s leadership to address those failings. I cannot emphasise just how significant this scandal has become within British society and politics.
Figure 1 - Selection of recent front-page stories
Until now my blogs have focussed on leadership as well as revenue assurance and system issues. Today I am addressing the role of professional staff within an organisation and their own special responsibilities. Whilst this focuses mainly on accountants and lawyers, the principles are universal and apply to all professionally qualified staff, whatever their role.
Internal reports should not be used to launder reputations
Management often asks staff to conduct internal reviews of various matters. Sometimes this path is chosen for cost or time reasons. However, often it is because management know they can influence the more junior member of staff to deliver a report to their liking. The risk of hiring external consultants, who might charge high fees for unwelcome advice, may seem too high. Or, in other words, management may want a whitewash that they can control. So, how did the Post Office approach this?
Pivotal to any IT system are the controls in place to ensure the system is robust and cannot be tampered with. It is critical to any risk or assurance professional that all controls are documented, understood, properly implemented and that weaknesses are identified with appropriate remediation plans. This is simply common sense.
Sadly, the Post Office could not meet this common-sense benchmark. However, the claim that such controls existed was critical to the Post Office’s defence of Horizon’s robustness. As previously mentioned, for over a decade they falsely denied any remote access to SPM’s accounts was possible. So, what did the Post Office think of their own system?
The name Rod Ismay won’t mean anything to you unless you have followed this scandal in detail. Rod Ismay describes himself on his LinkedIn profile (this has now been deleted – no doubt due to the publicity of his involvement in the Horizon case) as (my emphasis) a “Finance professional. Experienced leader of complex operations, with a track record of high staff engagement, board level assurance and successful delivery of business transformation”. Ismay worked for the Post Office for 13 years and, in his role as Head of Product and Branch Accounting, he produced a report on the Horizon system. As I mentioned in my previous blogs, nothing in this story will remain confidential and the report is now publicly available[1]. The report was produced in reaction to the disastrous launch of Horizon Online - an updated version of Horizon rolled out in 2010.
Given what we now know about the Horizon system, what did Ismay have to say about it? I won’t repeat the whole 36-page report but here are some choice extracts from the executive summary:
“We remain satisfied that this money was missing due to theft in the branch - we do not believe the account balances against which the audits were conducted were corrupt. POL (Post Office Limited) has extensive controls spanning systems, processes, training and support. Horizon is robust, but like any system depends on the quality of entries by the users… The integrity of Horizon is founded on its tamper proof logs, its real time back ups and the absence of "backdoors" so that all data entry or acceptance is at branch level and is tagged against the log on ID of the user. This means that ownership of the accounting is truly at branch level.
“Systems issues have also arisen but again POL has been able to explain them and rectify them… they do not bring the integrity of the system into question.”
“When POL takes a subpostmaster to court we have strong processes for the compilation of evidence… ensuring that the courts focus on the facts of transaction logs and not on speculation about the "what ifs".
Jumping into the details of the report, the following statement jumps out:
“Horizon and HOL were both designed with the principle that only authorised branch users can create or accept transactions in the system. Robust security is an important and integral part of the design and management of both systems.”
Later in the report, we are informed that not only was the design robust but so was the implementation:
“Horizon infrastructure was robust from a security and access perspective”
As if there is any further doubt about the Post Office’s attitude, section 4 dismisses the need for an independent review of the system and Appendix A, “Improvement Areas”, suggests no new fundamental software improvements.
The Ismay report was a whitewash. We now know that not only did the Post Office lie for over a decade about the ability to remotely access branch accounts but its own internal report painted over all of the cracks. This is particularly so for the highlighted text above.
Interestingly, Ismay does reference an E&Y IT audit in his report. Nick Wallis also makes reference to a very specific weakness in their controls - I say weakness in controls, but in this case the weakness was that the control didn’t actually exist!
“The Post Office’s auditors Ernst and Young were invited to run their eyes over their client’s business. In August 2010 Rod Ismay had told the Post Office board about Horizon’s ‘tamper proof logs, its real time back ups and the absence of “back doors’ Ernst and Young took a different view.
‘Our audit work,’ it stated in a letter to the Post Office management, ‘has again identified weaknesses mainly relating to the control environment operated by POL’s third party IT suppliers’ (i.e. Fujitsu). It noted users of the Credence system, which recorded data going in and out of Subpostmaster accounts, ‘have the access rights to create and amend reports, including those which may be relied upon for audit evidence. These users can change report design, and processing without documented request, test or approval.’
Furthermore, no one knew who the users were, as ‘there are three generic administrator accounts without specific users assigned to these accounts,’ and ‘the process for requesting and granting user access rights to Credence does not maintain documentation to record evidence of request or approval of access rights.’
Ernst and Young were directly contradicting the Ismay report, spelling out to the Post Office not only the existence of back doors in Horizon, but that they were swinging open for untraceable users to waltz through.”[2]
The idea that a system can have “extensive controls spanning systems (and) processes” whilst using generic and pooled accounts to amend financial data is mind boggling. The system was not robust, was full of weaknesses and we now know that the Post Office was aware of this. Rather than address the issues, the Ismay report refuted them and rejected the suggestion of an independent review of the Horizon system.
The Post Office claimed that, based upon the Ismay report, they had assured the robustness of their system. However, the evidence from the Public Inquiry makes clear that the sole intent of the report was to whitewash Horizon. Computer Weekly reported from the Inquiry that Ismay:
“should just report on ‘positive reasons to be assured about Horizon’ to give a clean bill of health to the software.
The Post Office had considered an external review and report, according to Ismay, but decided against that for reasons including that people would still have doubts over the system and ask questions regardless of the outcome, and that the companies that would carry out the audit would have “significant caveats” in their report, which would sow doubt about conclusions.”[3]
The difference between a parrot and a good in-house lawyer
It is common for fraud and risk professionals to collaborate closely with their in-house legal team. On occasion, those dealings can be frustrating. Sometimes it just feels that the lawyer isn’t on your side and isn’t providing the support you need. Of course, the lawyer isn’t paid to parrot everything you say - their duty is to protect the business, even if that means disagreeing with you.
Just consider the times when revenue has gone astray, and your company wants to recover it. In a telecoms operator this may be when billing professionals take advantage of a company’s standard terms and conditions to recover lost revenue. The interpretation might be beyond legal doubt. Perhaps it is legally risky. Maybe it is just beyond the terms of your customer’s contract and you will have to stomach the loss. In all cases, you would hope that the in-house lawyer would advise of the risks whilst respecting the business’ right to overrule them.
With this in mind, The Times published an article entitled “Should those who sent the sub-postmasters to prison now face court themselves” (paywall). The journalist managed to interview Jarnail Singh, senior prosecutor at the Post Office, responsible for preparing evidence in litigation, including many of the prosecutions that used Horizon evidence.
Given what I have written above, one would hope that Singh robustly challenged his colleagues. A reasonable lawyer would query whether a computer system could ever be 100% accurate. A reasonable lawyer might have wondered why so many SPMs had suddenly exhibited criminal behaviour. A reasonable lawyer would have noticed that many defendants claimed that the Horizon system was fundamentally flawed and erroneous. Yet the Post Office told each defendant that no one else had experienced the issues they claimed. Singh compiled evidence for numerous prosecutions, including interviews with Post Office auditors. Would Singh have seen this lie being told countless times? If he did, he never claimed to even once raise the alarm. Was Singh a reasonable lawyer?
In fact, it appears that Singh was unable to disassociate himself from the business objectives of the Post Office and simply parroted everything he was told. The article quotes Singh as describing one of the earlier Post Office trials as an ‘“unprecedented attack” on the Horizon system… “it is to be hoped the case will set a marker to dissuade other defendants from jumping on the Horizon-bashing bandwagon”. Hardly the words of an impassionate advisor. It would seem the Post Office was more focussed on defending its reputation than seeking justice.
Singh failed to carry out his duty to robustly challenge his colleagues. Even worse is that today, even after everything that has taken place, he refused to apologise and instead glibly stated “hindsight is a wonderful thing”. So said the man who was pivotal to litigations that led to bankruptcies, imprisonment and even suicide. To rub salt into the wound, the article continues quoting him: “Asked if he had a message for the victims, he said “not really – it was a long time ago. One does feel for them wholeheartedly. But that’s what it is, what more can one add?”. The answer is obvious - a meaningful apology!
Remember your professional duties
Whilst we all have a duty to act professionally throughout our employment, some of us are actually in regulated jobs and can lose our ability to work professionally. This very obviously applies to the medical profession, but it also applies to accountants and lawyers. As a former Chartered Accountant, this was always at the forefront of my mind, both in professional and personal dealings.
Many Business and Revenue Assurance workers have an accountancy background, so this is a serious concern for them. This obviously applied to the lawyers working for the Post Office – both in-house and external counsel. Before looking at examples, I checked with my friend Mike Greenstein, partner at London solicitors, Goodge Law.
“The key duty is that a solicitor is first and foremost an officer of the court. This overrides everyone and everything, even your employer.
This is particularly apt for someone like me. On the basis that my business’s success is wholly down to the success of claims, I couldn’t, for example, tell the client to manufacture evidence which would support his claim - even though it would obviously help the claim which would affect profitability. Likewise, priming a client by telling him the answers to give under cross-examination. Just as bad would be to not disclose evidence to the other side that might undermine our claim. All solicitors are under a continuing duty of disclosure to give full and complete disclosure (known as standard disclosure) of all supportive and unsupportive evidence to one’s opponent. To reiterate, our duty is to the court first and foremost.”
Mike’s final point about disclosure is one of the most critical in this whole saga and is covered elsewhere in this blog. The Law Gazette published an article about the impact of the Post Office’s lawyers upon one victim. I have pasted many links in this blog but, if you only read one, please read this one. It is the personal story of one innocent man who was destroyed by this scandal. It brings to life what this scandal was about. It is also an appalling insight into the behaviour of so-called professionals. Quoting from the article:
“Before the trial itself, Castleton (the accused SPM) claimed that he was contacted by the Post Office’s solicitor Stephen Dilley, who urged him not to go ahead with a hearing and to drop his defence.
Castleton replied that he had to contest the claim as he had done nothing wrong, which he alleges prompted Dilley to say: ‘But Lee, we are the Post Office, we will ruin you.’ When Castleton reiterated that he would make his defence in court, Dilley said: ‘Lee, just listen, we will ruin you. Think of your family…
Dilley, the solicitor named in Castleton’s evidence, is now head of the commercial litigation team in Bristol at national firm Womble Bond Dickinson”
Having checked his LinkedIn profile (another one that has now been deleted), Dilley never worked for the Post Office directly, meaning he was external counsel. Not only did he have a duty to the court but, as Mike told me, “solicitors must also act with integrity so as not to bring the profession into disrepute. Telling a defendant ‘we will ruin you’ is likely to breach that. I expect a solicitor is likely to be sanctioned for that if it can be proven. Threatening behaviour too.”
In this case it won’t be Mike investigating but, rather ominously, the Solicitor’s Regulatory Authority (SRA).
As with so much in this scandal, anyone involved should be able to look back at their past contributions with pride. If it isn’t pride then for sure it had better not be shame! For the sake of fairness, I should add that Dilley strongly denied making the “ruin” comment. He claimed it didn’t sound like him and made him “sound like a Vinnie Jones character from an East End gangster film. It's just not at all who I am” and that he “would have written it down” in his contemporaneous notes.[4]
Only prosecute for justice using sound evidence
One particular question has been consistently raised about this scandal. If the SPMs were innocent, why did so many of them plead guilty to the offences that they were accused of? It is an obvious question and one that many people will struggle to comprehend. The truth of the matter is appalling.
In their ruthless desire to protect the Horizon system at all costs, the Post Office had to make sure that its reputation was never tarnished and that those accused of crimes were seen to be appropriately punished. The problem was that the Post Office didn’t always have the evidence they required and they couldn’t afford for that to become public. To address this problem, the Post Office engaged in a practice of charging SPMs with the more serious crime of theft, with a likely custodial sentence, but then accepted a guilty plea to the less serious crime of false accounting – far less likely to incur a custodial sentence. How would you behave if you were told that you were certain to go to prison for a crime you didn’t commit but if you pleaded guilty to a more minor crime you would avoid prison?
The lesson here is simple – if you don’t have the required evidence, don’t prosecute people.
Be a good human
My benchmark for behaviour is simply that we should all be good people. That is so simple to understand that it needs no explanation. Lee Castleton, the totally innocent SPM was destroyed and bankrupted by the Post Office. With the reference above to not being a “Vinnie Jones character”, what can we make of Dilley’s opening exchange in the Inquiry? The Inquiry barrister asked him:
“Having reflected on the evidence of the Inquiry as a whole, is there anything that you would like to say to Mr Castleton or his family?”
Dilley replied: “No there isn’t.”
…There's nothing you wish to say to him. Is that because you consider that this case was conducted appropriately?...
Dilley replied “I'm satisfied that I acted and my firm acted professionally and politely and appropriately at all times.”[5]
Considering this question related to Dilley’s involvement in a vindictive prosecution, based upon false evidence, with the sole goal of bankrupting the defendant so that a message was sent to other victims, Dilley’s character and values speak for themselves.
A highly favourable contract may just be too good to be true
So much of what we do in business relates to contractual relationships. Telecommunications is no different and these contracts will govern terms between Operators and consumers as well as business customers, trading partners and, of course, roaming and interconnect partners. Whilst some of these contracts are entered into on level terms i.e. two similarly sized operators decide to work together, often all the negotiating power is on one side e.g. standard retail terms. Let’s face it, no one walks into an operator’s retail store and negotiates the contract they are about to sign up to for a £20 per month deal – it is a question of take it or leave it.
Whilst this is standard business practice, it does not mean you can dictate any terms you want. For example, it is hard to imagine an operator being able to double their monthly charges at will, without giving the customer the chance to walk away from the contract. In other words, contracts must be fair.
Unfortunately, the Post Office lost sight of this. Over the years they had two standard contracts that SPMs had to sign, without any negotiation. The terms of these contracts became increasingly onerous, with all of the risk placed onto the SPM’s shoulders. These robust and highly favourable contracts gave the Post Office enormous power and heavily influenced their behaviour. Their lawyers understood them well and ruthlessly exploited them to protect their interests. You may recall the case of Alan Bates, mentioned in my previous blog. He refused to sign off his accounts due to accounting errors and rolled forward the differences. The Post Office wasn’t prepared to tolerate this so they cancelled his contract without any compensation – a £100,000 investment was lost overnight. Whilst it seems unfair, the key question is, was it legal?
The Justice for Sub-Postmasters Alliance, set up by Alan Bates, published a helpful summary of the common issues that Justice Fraser ruled upon in the first phase of the group litigation by the 555 SPMs in the High Court. A significant proportion of this ruling was around the Post Office’s contracts with SPMs. This can be simply summarised by the following quote:
“many parts of the SPM contract… and its successor… were ruled to be so onerous, unusual or unfair that they were and are unenforceable”
The key ruling was that the contracts with the SPMs “were relational contracts [meaning] the contracts included an implied obligation of good faith (my emphasis). This means that both the parties must refrain from conduct which in the relevant context would be regarded as commercially unacceptable by reasonable and honest people.” Suddenly the treatment of Alan Bates seems unacceptable both morally and legally!
So the key lessons here are that, for a contract to be enforceable, it must be fair. Additionally, implied obligations mean that the relevant terms are not necessarily even directly written into the contract.
Let me finish this topic with a case from my own past. At one point in time, I was involved in a dispute with two operators that were interconnected to my own employer’s network. Quite incredibly, both of them were billing us for the same traffic (due to national roaming). However, neither of them were contractually entitled to bill us at all. That might sound even odder but it is all do to with the vagaries of how SMS is routed and the non-existence of SMS Home Routing when the contracts were signed. Don’t worry if you don’t follow this – I’ve included this just for the SMS geeks like me!
We did eventually get a full refund from one of the operators but not the other. I was determined to pursue this sum – several million Pounds. Our barristers advised that the contractual situation was clearly in our favour. However, my boss at the time, applied his German pragmatism and simply said it was crazy that we didn’t have to pay at all for the traffic we had sent to our interconnect partners. Ever since then, over a decade ago, I considered he made a foolish and expensive mistake. However, I can now see how the Post Office trial has confirmed that he may have had a very valid point and, in a court of justice, a judge might have found our stance to be unreasonable.
This tale brings another blog to an end. The next blog, the final in the series, will cover aspects of audits, auditors and the analysis and storage of data. The topics might not sound exciting but you will be shocked by what you read. I will also take this opportunity to once again thank Bath Publishing for their permission to publish extracts from Nick Wallis’s excellent book “The Great Post Office Scandal”.
[1]“Response to Challenges Regarding Systems Integrity”, Rod Ismay,
[2] p. 166, “The Great Post Office Scandal”, Nick Wallis, Bath Publishing, 2021
[3] “Post Office executive told to report false bill of health on controversial software”., https://www.computerweekly.com/news/366537461/Post-Office-executive-produced-one-sided-report-giving-Horizon-system-a-false-bill-of-heath
[4] page 30, Transcript of Stephen Dilley, https://www.postofficehorizoninquiry.org.uk/hearings/phase-4-21-september-2023
[5] ibid, page 5
Let Us Know What You Thought about this Post.
Put your Comment Below.