Were some Subpostmaster discrepancies down to internal fraud?

Tim Chapman, outside Yalding Post Office in Kent

Since the rollout of the Horizon IT system in 1999/2000, the Post Office has been unable to tell the difference between computer error and fraud. Whilst relentlessly pursuing innocent people, it potentially failed to spot the multiple ways public money could be leaking out of its network. In a podcast I hosted last year (Ep 34: Where Did All The Money Go?), Second Sight’s Ron Warmington and former Subpostmaster Mark Baker counted up at least 14 ways the Post Office, Subpostmasters and Fujitsu could lose cash.

One area raised by Ron and Mark was internal fraud, either at Fujitsu, which operated and maintained the Horizon system, or within the Post Office. There are a number of ways in which it could happen, but whilst the Post Office was prosecuting Subpostmasters these were never properly considered, let alone investigated, so there is, as yet, no proof it ever did.

The easiest way would be via collusion, requiring one bent Subpostmaster and one bent Fujitsu or Post Office employee. Thanks to the Subpostmaster contract, which allowed Subpostmasters to keep surplus balances – no questions asked – it would be a relatively simple matter to divert funds from one (or multiple) branches to a bent branch and then remove those funds from that branch in cash. This could be done manually at numerous points in the Post Office back-office financial chain (eg at Chesterfield where manual transaction corrections were issued), or via a clever scamp at Fujitsu who could either manually divert funds by adjusting balances or create a routine which took £10 from 500 random branches each week and diverted those small sums to one specific branch, or even a fictitious client account.

This might be a fantasy. It is possible that all Post Office and Fujitsu employees were paragons of virtue and none considered or attempted, let alone successfully managed to remove any money from the system despite the lax controls, and an institutional willingness to believe that Subpostmasters were on the take.

Tim’s letter to the Inquiry

I have posted below, with permission, a letter written to the Post Office Horizon IT Inquiry by Tim Chapman, a current Subpostmaster. It is conjecture, but I think it is worth publishing in order to attempt to build some kind of body of evidence which raises the possibility of how internal fraud might be or might have been happening within the network.

Penny Williams, Former Subpostmaster
Penny Williams

A few months back, former Subpostmaster Penny Williams told me her sister and sister’s boss analysed printouts sent to her by the Post Office and concluded that something or someone was removing small amounts of money from her account on a regular basis. Sadly Penny has not subsequently been able to get her hands on those printouts – or if she has, she hasn’t given them to me!

There is also a comment below this blog post which asserts that Fujitsu employees were able to, and did, shift money out of Subpostmaster accounts. It read:

“Mr Wallis, twenty years ago I worked in a technical capacity in FUJITSU UK.
I have information you will find useful and which any Public Inquiry must know too.
It establishes criminal culpability on the part of the corporation as well as highups like Crozier and Vennells among the clients, since it proves they knew fully about backdoor access but instructed the POL solicitors to suppress any disclosure of this to defendants and courts.
While I put through no phantom entries myself, I was aware how commonplace it was, and the trivially easy overriding of the rudimentary audit trail embedded in the software too. What started as a prank swiftly became a crime, I prefer to believe most of the perpetrators never seriously consider that POL would treat the discrepancies so seriously and initiate prosecutions. It got totally out of hand. 90% of the phantoms were “against” the agents, thus unjustly enriching POL. Did you notice the disproportionate number of victims whose agent locations were in Wales?
I am able to provide you personally with much more, redacted only to protect my own identity. The FUJITSU non-disclosure agreement is probably more bone chilling than that used by POL, I do not wish at this stage in my life to be bankrupted. I know you are protecting some of your sources because so much of your book is accurate and it cannot all be down to deductive skill and luck. I’ve taken many steps, in addition to using TOR, to obfuscate my ID while making this posting; if I have an email address to which I could send material, I can give you all you need to pass on to the Police or CPS or the Enquiry.
Please provide a throwaway email address which I can use. The email address I provided here is a dummy.”

My multiple attempts to contact the poster of the above comment have failed. They might be mischief-making. If so, they succeeded.

But by posting the above together with Tim’s letter below there is the possibility it might trigger more interest from someone who might have something concrete to tell me. Sending me a message is easy and can be done via the contact form on this website, which pings an email straight to my inbox. This is a secure and confidential process.

Here is Tim’s letter as sent to Sir Wyn Williams, the Inquiry chair:

25th August 2024

Dear Sir Wyn Williams,

REF: Possible criminal activity within Fujitsu or Post Office running parallel to Horizon’s other problems.

I have been the Sub Postmaster for Yalding Post Office since July 2011. I took over the Post Office upon my retirement from the London Fire Brigade.  I was only 55 at the time and I only lived immediately next door so it seemed a good way to keep myself busy and be a contributing person within our village community.

I am fairly computer literate and got to grips with Horizon fairly quickly. I worked on my own most of the time, it is only a small village branch. The previous Post Mistress, of over 30 years’ experience, helped out on our busy Monday mornings for about a year. I made mistakes fairly regularly, but I had the assistance of her and the Helpline if required.  So, after a few months the mistakes got fewer and I started to enjoy the job a lot more. I still enjoy the job today.

Thankfully the well documented Horizon problems currently being investigated didn’t appear to affect me or the running of the branch.  

However, every few months I would notice £100 go missing (It was always £100). I do a daily cash count and check that against Horizon’s figures, and generally they tally quite happily fairly close together. Banking transactions of £100 are pretty much the most usual daily transactions. I would check the transaction log, but generally that would only tell of the ones that were confirmed, not of any unfulfilled ones. I assumed that I had made an error somewhere, despite being very careful where cash withdrawals were concerned. If the error could not be found I would have to balance the books using my own money.

I spoke to the previous Post Mistress and she told me that this had happened to her fairly regularly too.

I also regularly attended the local meetings for the National Federation of Sub Postmasters (the Fed) and one day in 2013 I raised the question of the regular losses of £100 to one of their officers. I wish I could remember who it was. I was informed quite categorically that Horizon was faultless and that any shortages were my fault entirely and that if I tried to take it further Post Office would tell me exactly that and the Fed could not have anything to do with it.  I was further informed that nobody could have any remote access to my Horizon account.

This was a bit of a surprise to me, even I know that computer systems can have problems, and most programmes have a back entrance in order to correct errors and bugs, but I took him at his word and left the issue alone. Stupidly I did not document or keep any of the paperwork involved…  

The fairly regular losses of £100 continued into 2015 and appeared to stop at about the same time as Horizon was upgraded. My estimate of loss personally is probably only £500 – £600. I still occasionally make mistakes to this day, but these do not conform to any discernible pattern. I do not expect to ever get any of my money back.  

My theory at the time, which I still think is the most likely scenario, is that there was some criminal activity taking place within the computer system itself. After the Bates v Post Office court case of 2018 – 19, we all now know full well that Fujitsu employees had been regularly secretly accessing branch Horizon accounts for years and I personally think that one or more of them were somehow stealing the money from me, and possibly many other Post Office branches throughout the UK. If this was indeed the case, the total amount stolen could be a very large sum indeed.

I have spoken with other Sub Postmasters and several of them recall similar incidents in that period of time up till 2015.

About a year ago I raised this issue with my Post Office area manager. Her advice was to submit a claim to the Shortfall Scheme. This I have done, and I am waiting for Post Office to come back to me for further enquiry.

I am aware that the possible scenario of criminal activity of the manner I have raised here has not been raised at the Post Office Inquiry, but this may well be something that should perhaps be considered a possibility and investigated further.

It also maybe something that the current Inquiry cannot consider, and in reality, I’m expecting to be told that such a scenario is impossible and, yes, those shortfalls were all my fault entirely. 

I apologise for taking up your valuable time Sir.

Yours sincerely

Tim Chapman


The journalism on this blog is crowdfunded. If you would like to join the “secret email” newsletter, please consider making a one-off donation. The money is used to keep the contents of this website free. You will receive irregular, but informative email updates about the Post Office Horizon IT scandal.

15 responses to “Were some Subpostmaster discrepancies down to internal fraud?”

  1. The reason you never were able to track down that Fujitsu employee was because he/she probably realized that their identity could not be protected if you passed the information to the Enquiry or Police/CPS and Fujitsu on being charged would get it from disclosure required for any trial. Your informant would not be protected from any civil case brought by Fujitsu regarding any NDA either.
    Plus, Fujitsu have already admitted the back door into the system and how it was used so what’s the point at this stage of putting your head above the parapet?
    The main point that there was a backdoor access which could quite possibly have been used for some basic but not easily traced financial crime, cannot be ruled out because nobody has even tried to do so. It’s also possible that the missing money never even existed in hard currency but was just 1, and 0s in the patiently seriously flawed Horizon software, that the Fujitsu Bracknell basement people were trying to patch on the fly.
    That’s one thing the investigators (I use that term loosely for idiots like Bradshaw) wouldn’t have the expertise or interest in finding out. I don’t think many of them could investigate their way out of the paper bag. Don’t discount the money being paid to the legal companies either involved in the prosecutions.
    The one thing this enquiry has revealed is how incompetent many of people at the higher levels all the way up to the chairman were and still are and how anyone who didn’t follow the party line got shut down.
    Nick Read forwarding Ismail and Jacobs comments to 2 of the ‘ untouchables ‘ Bradshaw and Roberts tells you how far the rot still exists in POL. It’s the coverup that always brings these things down in the end. But unfortunately, that often takes a while and also doesn’t mean justice will be done.

    1. Just to be absolutely clear – I would never betray a source, and would frankly rather go to prison than do so. If anyone gives me their details they stay with me.

  2. Edward Stephenson avatar

    Having worked on mainframe computers for over 22 years, including 19 years on a Fujitsu/ICL2900 VME machine, my very first thoughts, after acquainting myself with the PO fiasco, centred on criminality in the Bracknell basement. So we must all hope that the Enquiry Chair has this aspect of the affair firmly embedded in his agenda.

    Does anybody know how debit card transactions were/are processed by the PO? I am fascinated by Peter Burfitt’s report of an apparently random purchase of Premium Bonds (a negotiable instrument?). I am aware that credit card transactions are collected by the merchant and then presented to the card provider for settlement (I stand to be corrected there), so did/does Fujitsu collect debit card transactions from the SPM and then pass them ‘en masse’ to the banks? And if so, could a clever criminal with access to the debit card file delete the relevant entry thus making the Bond purchase FOC? Such files of financial data must be heavily protected, but that is not to say that a clever person could not breach the security and amend the data without leaving evidence of tampering.

    Again we must all hope that the Chair has the technical resources and forensic expertise at his disposal to drill down into these sorts of areas.

  3. Who is funding the legal costs of the PO Directors and managers at the Inquiry? I know from experience that the traditional market for Directors and Officers Insurance is pretty thin – 20 years ago you couldn’t get more than about £10million – which they will have burnt through long ago so I strongly suspect that they were indemnified by the PO and it is yet another example of the taxpayer picking up the tab for all of this mess. Will we also pick up their defence costs once the inevitable criminal prosecutions start?

  4. I always wondered who were these faceless troglodytes beavering away in The Bunker at Bracknell. We know there were Fujitsu and Post Office staff there. We don’t know how decisions were made, what the management structure was, or how changes were supposed to be audited and how rigorous procedures were enforced. Well clearly, not a lot.
    My point is that, apart from Richard Roll, no one who worked in the Bunker has been giving evidence to the Inquiry. Surely they are the ones who know where the bodies are buried, and I would have thought they are crucial to explaining what happened.
    I’d like to see them called to attend the Inquiry. I don’t see how it can be definitive without this missing element. Obviously the Inquiry would allow them to ignore any confidentiality agreements they’ve signed.
    Though it does sound like many, most, maybe all will have to be careful about incriminating themselves. Perhaps if they are as thick as thieves, one of them will spill the beans, in exchange for immunity, if they are sufficiently worried about their fate, maybe having a troubled conscience.
    I do hope the Met will take an interest in this group, if they haven’t already.

  5. Interesting.

    I remember an odd couple, who were definitely not local, coming into my secluded village office to buy £200 of Premium Bonds. A transaction I viewed with great suspicion at the time but couldn’t reconcile how their paying me money could count as fraud. Even so I reported it to the ‘ Helpline ‘, ( usual response, ie., nothing ).

    The above suggestion that the transaction was later, shall we say, ‘ modified ‘ may well explain this.

    Even if I had a discrepancy of £200 on balance day ( a fairly frequent occurrence ) there would be no way of my working out that the apparent in-payment could be responsible. A very, very clever scam. Must have been thought up by someone with great intelligence, however, I’ve not seen too many of those during the hearings.

    I sincerely hope POL don’t regard this as a get-out-of-jail-free card, they still knew something was happening and did bugger all.

  6. Hi Nick, I wrote to you some time ago about the possibility of deliberate fraud.

    It doesn’t necessarily need a bent SPM, just some accomplice to go into a PO, make some transaction that results in them receiving a large amount of cash and then someone with remote access deletes the transaction.

    Obviously a transaction that has some other record (like cashing a cheque or withdrawing on a card), but I’m sure there are plenty of transactions in the PO that would meet that criteria.

    Someone could even be touring round an are (say Wales) visiting all the POs in turn to repeat the trick and pocket thousands.

  7. There are better legal brains analysing this but at first glance it appears hostile and malevolent actors were at play and the full investigative process should be brought to bear to ascertain the part they and/or others singularly or in tandem played.
    I sense those advanced legal brains are already working out whose door should be knocked on – I wish I was young enough to go around the country to bring them in.

  8. Tim Chapman states ” the possible scenario of criminal activity of the manner I have raised here has not been raised at the Post Office Inquiry”.
    Is this the case?
    Surely internal fraud must be one of the most likely causes of the discrepancies?
    At the very least, the enquiry should investigate what controls both POL and Fujitsu had in place for exposing potential fraud. If these controls were inadequate, then management was negligent.

  9. Nick,
    Have you ever seen the 1968 film ‘Hot Millions’? This film from 1968 and starring/written by Peter Ustinov and a young Maggie Smith is prophetic on a number of different levels. Also the film production company borrowed a mainframe computer at the very centre of the plot from…..

    The Post Office!!

    Cheers,

    Phil Smith

  10. I'll keep this anonymous thanks avatar
    I’ll keep this anonymous thanks

    IT systems often have unknown vulnerabilities. I recall about 35 years ago I was working on a system that processed around £5,000,000 through direct debit on a once a month run.

    We’d made some changes to make the system work more quickly.

    After about 6 months I was making some legitimate changes, when I relalised that I could pinch the whole £5M and get away with it for 2 days… just long enough to leg it abroad….. fortunately I am honest and anyway, I didn’t want to live out my days in Brazil 🙂

    Instead I documented the way it could be done (which was rediculously easy) and went to see the internal audit team the next day…… the head of the team went “white”. Closed the loophole same day.

  11. It is Fraud by false representation s2 Fraud Act 2006 where the person knows the representation is false or MIGHT BE.
    The MIGHT BE seems to be being disregarded.

  12. A thoroughly respectful letter to the chair of the enquiry, so thank you, Tim. It seems obvious to me that Fujitsu’s claim that they could not access individual accounts, a fact that has been totally disproved by the enquiry, is false. I’ve no doubt whatever that money was being syphoned off from SP’s accounts in the unlikely even of scrutiny by government, the SP’s own union or any further investigation. I do hope the chair will take this up and taked the sums involved into consideration when determining compensation across the board.

  13. I am not discounting criminal activity but it would have to be very sophisticated and involve only a tiny number of people to succeed over that length of time. I have read this post several times. Amongst other things, the use of the word ‘agents’ concerns me as this had a specific meaning on Legacy Horizon. I believe that the poster is a fantasist.

    1. Re “agents”

      Pretty sure that the PO sometimes refer to subpostmasters as “Agents” and to their contract as the “Agency Agreement”. Not the PO in this case but it is the first seemingly relevant one I found. My _*highlighting*_.

      “JUSTICE FOR SUBPOSTMASTERS ALLIANCE – Latest

      Justice for Subpostmasters Alliance
      https://www.jfsa.org.uk
      A Subpostmaster does not earn a salary from Post Office Limited, but instead the post office branch of that _*agent*_ receives an office remuneration based upon.”

Leave a Reply

Your email address will not be published. Required fields are marked *

Archives

  • 2024
  • 2023
  • 2022
  • 2021


Subscribe For Latest Blog Updates

Tags

Alan Bates alice perkins Alwen Lyons Andrew Winn Andy Dunks Andy Parsons angela van den bogerd Bates v Post Office BBC Bonusgate CCRC Chris Aujard Clarke Advice False Accounts Fujitsu Gareth Jenkins Grabiner HCAB Horizon Hugh Flemington Inquiry Interim Report Janet Skinner Jarnail Singh Kevin Hollinrake Lee Castleton Lord Arbuthnot Mark Davies Nicki Arch Nick Read Noel Thomas Paula Vennells Paul Marshall Post Office Rob Wilson Rod Ismay Rodric Williams Second Sight Seema Misra ShEx Simon Clarke Susan Crichton Tom Cooper Tracy Felstead UKGI

Categories