A report into the effectiveness of vetting and counter-corruption arrangements in Cheshire Constabulary

About us

His Majesty’s Inspectorate of Constabulary and Fire & Rescue Services (HMICFRS) independently assesses the effectiveness and efficiency of police forces and fire and rescue services, in the public interest. In preparing our reports, we ask the questions the public would ask, and publish the answers in accessible form. We use our expertise to interpret the evidence and make recommendations for improvement.

1.  Introduction

Vetting, IT monitoring and counter-corruption: requires improvement

In September 2021, we changed the way we report on how effectively forces manage vetting and counter-corruption.

Previously, we inspected these areas as part of our police effectiveness, efficiency and legitimacy (PEEL) programme and provided our findings in the inspection report.

The new arrangements mean we will inspect each force separately to PEEL, although we will continue to use the same methods and produce a report containing our findings, graded judgments and any areas for improvement or causes of concern. The report will be accessible via a web link from the most recent force PEEL report.

In October 2022, we inspected Cheshire Constabulary to examine the effectiveness of the force’s vetting, IT monitoring and counter-corruption arrangements. We briefed senior personnel in the force at the end of the inspection. It should be noted that we didn’t gather evidence during our inspection in relation to the wider culture of the workforce. We didn’t assess the overall leadership of the executive team and senior managers in setting expectations and standards across the organisation.

This report sets out our findings. It includes areas for improvement identified at the time of the inspection, which we recognise the force may have already addressed.

2.  How effectively does the force vet its officers and staff?

Vetting authorised professional practice

In 2021, the College of Policing published the authorised professional practice (APP) on vetting. The APP explains the role of vetting in assessing the suitability of people to serve in the police service, as a police officer, special constable or member of staff. It sets out the minimum standards that should be applied for each clearance level. It also lists the minimum vetting checks that should be undertaken on the applicant, their family and associates. The APP has a large section providing guidance on assessing threat and risk in relation to vetting decisions.

The vetting APP applies to the police forces maintained for the police areas of England and Wales as defined in section 1 of the Police Act 1996.

Force vetting IT system

In 2021, Cheshire Constabulary introduced a new vetting IT system. At the time of our inspection, the force was still developing the system and its functions. The force had made a financial decision not to transfer vetting data from its old system straightaway. Instead, it moves data when a person is vetted or vetting is renewed.

The vetting IT system doesn’t fully link with force’s HR systems. The force vetting unit (FVU) has to check multiple systems to identify the vetting required for a post, who is in the post and their current vetting status.

The IT system generates vetting forms for applicants. The FVU accesses HR’s IT system to update the department on vetting decisions. HR provides the FVU with a list showing the vetting level of every member of the workforce. HR and the FVU hold weekly meetings. They share information about individuals who are moving role, leaving or joining the force.

Current vetting of the workforce

Cheshire Constabulary told us that as of October 2022, it had a total of 4,378 police officers, special constables, police staff and police community support officers.

The force told us there were 54 people (36 police officers and 18 police staff) without the correct level of vetting for their role.

As the new vetting IT system doesn’t link directly to the HR systems, the FVU only becomes aware that a person has left the force when it starts the vetting renewal process. This happens frequently for people requiring non-police personnel vetting (NPPV), such as contractors or those working for organisations that share police premises.

Demand and workload

Cheshire Constabulary told us the FVU had 155 vetting applications yet to be dealt with. The force vetting manager (FVM) regularly meets HR to plan for increases in demand and to agree the prioritisation of vetting cases. The time it takes to complete all vetting checks from receipt of the application to finalisation was six to eight weeks, but it has increased to eight to ten weeks. The force should continue to monitor the unit’s workload to make sure delays don’t become excessive.

The force has granted over 2,900 people NPPV clearance. However, it couldn’t tell us how many of them still required this clearance to access police premises or force IT systems.

When a person’s NPPV vetting is due for renewal, FVU staff contact the relevant departments to check if it is still required. However, they don’t always receive a reply, in which case vetting is withdrawn and access to premises and systems is removed. We urge the force to introduce a process to make sure the FVU is always informed when NPPV clearance is no longer required.

Designated posts

Some police roles have access to more sensitive information and require a higher level of vetting known as management vetting (MV). The extent to which the role requires working with vulnerable people is also a factor for forces to consider when deciding if a role requires MV. The vetting APP states that forces should keep a record of all MV roles on a designated posts list.

In Cheshire Constabulary, there were 11 people in designated posts whose MV had expired. All were police officers.

The FVM produced the designated post list in consultation with departmental heads and local police commanders. HR checks a person has MV status before they take up a designated post. If not, HR advises the FVU of the proposed move, and the person is sent an MV application form. The person only takes up the post when the correct level of vetting has been granted. At the time of our inspection this was a relatively new process, with the required IT still under development.

Transferees

Vetting APP allows forces to accept clearance from another force if it is no more than one year old. But many forces choose to vet officers and staff new to their organisation, even if they are transferring with a current vetting clearance.

Cheshire Constabulary has chosen to vet all transferees and those who have left the service and applied to rejoin. The FVU requests a professional standards department (PSD) complaint and conduct history, as well as any counter-corruption unit intelligence, from all forces in which the individual has previously served.

Change of circumstances

In 2022, the force reminded the workforce of their responsibility to notify the FVU of any change to their personal circumstances, for example, marital status, name changes or significant changes to personal finances.

However, the FVU only receives a relatively small number of notifications. This suggests some staff don’t know they have to report these changes. The force conducts annual checks during performance reviews of some officers and staff, but only those with MV. The force should continue to remind all officers and staff of their responsibility to report changes.

When the FVU receives a notification, it conducts relevant vetting enquires to identify risks and decide if the person’s vetting status is affected.

PSD informs the FVU of all misconduct meeting or hearing outcomes. The FVU complies with the APP requirement to review a person’s vetting status if misconduct proceedings result in reduction in rank, written warning or final written warning.

Vetting decisions

Staff in the FVU conduct all the necessary checks when an individual requires vetting clearance. They send the file without any recommendation to the FVM or their deputy, who make the final decision regarding vetting clearance or rejection.

The force interviews applicants if there are any issues identified during the vetting process that require clarification.

Risk mitigation measures

In some cases, the force grants clearance despite the vetting process revealing adverse information about the applicant or their family or friends. When this happens the FVU informs the counter-corruption unit (CCU). However, we found the force isn’t consistently mitigating these risks, such as monitoring the applicant’s use of the force’s IT systems.

The force produces a counter-corruption strategic threat assessment (STA) annually. This outlines the current threats facing the force. There is no established process for the CCU to share the STA with vetting decision-makers. We encourage the force to do this.

Appeals and quality assurance

The deputy head of PSD handles vetting appeals. The head of PSD routinely quality assures a selection of vetting files and provides feedback to staff if necessary.

Disproportionality

The APP states there is a risk that vetting has a disproportionate impact on underrepresented groups. Furthermore, it requires forces to monitor vetting applications, at all levels, against protected characteristics to understand whether there is any disproportionate impact on particular groups. Where disproportionality is identified, forces must take positive steps to address this.

Since our last inspection, the force has improved its monitoring of disproportionality. It has also introduced analysis across a range of protected characteristics.

Vetting file review

We asked a vetting specialist from another force to review 40 clearance decisions from the preceding 3 years related to police officers and staff who had previously committed criminal offences or that the force had concerns about. The files included transferee and recruitment vetting decisions.

Generally, we found the files well managed and initial decision-making well documented. But the vetting specialist disagreed with the force’s decision to grant clearance in six cases. In five of these cases, the initial decision had been to refuse clearance, but it was granted on appeal. The rationales recorded did not justify the appeal decisions taken. They should.

We found a lack of recorded risk mitigations for applicants with concerning adverse information. In three of six cases where risk mitigation proposed by the FVU had been recorded, it was not implemented. Before granting vetting clearance, the force should decide what mitigation is necessary and ensure it is able to implement it.

3.  How effectively does the force protect the information and data it holds?

Lawful business and IT monitoring capability

Cheshire Constabulary has been using IT monitoring software for several years. The force told us that it is currently working with its IT supplier to overcome technical difficulties relating to the monitoring of some devices and applications.

At the time of our inspection, the force was using its monitoring software for reactive auditing. But the force is missing out on opportunities to collect intelligence proactively.

IT monitoring policy

The force has a lawful business monitoring policy for monitoring and recording staff communications. It allows the force to audit all its mobile phones for call data and text messages. The CCU undertakes random and unannounced visits to a range of departments to inspect content on force mobile phones in person.

Digital device management

The force can attribute all mobile phones, computers and tablets issued to individuals across the workforce. Every device has a warning screen outlining the force’s lawful business monitoring policy and stating that it is for work purposes only.

The force is in the process of providing staff with new smartphones. These are fully compatible with the IT monitoring software.

Information security – encrypted apps

The force has a social media policy and has shared it across the workforce. PSD training provides guidance on social media that includes the risks associated with its misuse. Officers and staff we spoke to were aware of the force’s expectations of them.

The force doesn’t generally permit the use of encrypted apps on its devices. The head of CCU authorises any exceptions, which must be supported by a compelling business case.

4.  How well does the force tackle potential corruption?

Intelligence

Sources of corruption-related intelligence

The force has an anonymous confidential reporting line. The CCU can make contact with the person making the report while maintaining their anonymity.

In the year ending 31 March 2021, there was a 22 percent increase in reports to the CCU through the line, compared to the previous year. However, despite the CCU’s efforts, in many cases the person reporting suspected wrongdoing didn’t take up the opportunity to continue the communication anonymously. The force may benefit from advertising this two-way process more widely to encourage people making reports to use it.

We examined 60 corruption-related intelligence files. The confidential reporting line is the force’s most common source of corruption intelligence. We also saw intelligence received from other PSDs and the National Crime Agency (NCA). We only found one case of proactive intelligence collection.

Police corruption categorisation

The force correctly categorises corruption intelligence in line with the counter-corruption APP.

Partnership working to identify potential corruption

The force has developed working relationships with agencies and organisations who support vulnerable people.

In addition, the force prevention officer has a programme of engagement work with health and education professionals. The force holds regular training and awareness sessions to multiple agencies and organisations to highlight warning signs of abuse of position for a sexual purpose (AoPSP) and encourage reporting. It provides participants with information about the confidential reporting line and CCU contact details, as well as the prevention officer’s email. This offers a selection of methods to report suspected AoPSP.

Identifying corruption threats

Counter-corruption strategic threat assessment

In January 2022, Cheshire Constabulary’s current counter-corruption STA was published. It identifies the force’s priorities, emerging threats and some organisational vulnerabilities. However, it doesn’t identify key locations for corrupt activity or profile potentially corrupt officers, staff and external corruptors.

The CCU has a link to its STA on the force’s intranet site, but this linked through to the STA dated 2016. This, and our conversations with officers and staff, have left us unconvinced that the workforce has a good understanding of current corruption threats.

The force should update the intranet with its current counter-corruption STA and make sure it is communicated to its workforce.

Counter-corruption control strategy

The force has produced a counter-corruption control strategy, but it is not to the required standard. It only features two of the force’s three counter-corruption threats. It does not outline any plans to address the threats. Overall, it lacks detail. CCU staff didn’t show good awareness of the NCA’s counter-corruption strategy. Consequently, the force isn’t assessing the local threat in the context of the NCA’s priorities.

Implementation plan

The force doesn’t have a plan to develop its counter-corruption control strategy. Without this, there is no clear understanding as to who is responsible for addressing the risks identified or timescales for when the work needs to be completed.

Managing corruption threats

Intelligence development

We reviewed 60 corruption intelligence files. The CCU responded effectively in most cases. The force uses a variety of reactive techniques to develop and investigate corruption-related intelligence. The CCU records its decision-making and rationale comprehensively. There were a small number of cases where the force’s limited auditing capability meant it didn’t progress some specific types of audits. These are missed opportunities.

Identification of those who pose a corruption risk

The force has a meeting where information about officers and staff who are the subject of complaint or conduct matters is shared between departments. It is attended by PSD, legal services, local police commanders and HR. But the CCU doesn’t attend these meetings. The force acknowledges a more formal meeting including the CCU and other operational departments would be beneficial. This would allow the force to be more proactive and collaborative in targeting individuals who may pose a corruption threat.

The force uses a risk matrix to manage people who potentially pose a corruption threat. The matrix categorises each person as low, moderate or high risk.

During the file review we saw mitigation measures in place for those deemed to be a moderate or high-risk corruption threat. However, options for mitigation measures are restricted by the limited resources in the CCU. They are further limited by the force’s inability to effectively monitor its IT systems.

We found that individuals identified through vetting as having criminal associates aren’t routinely recorded on the CCU’s risk matrix.

Capacity and capability to investigate corruption

The CCU is a small team comprising experienced detectives supported by a crime analyst. The current structure helps the CCU to develop intelligence. Generally, where further investigation is required, the CCU hands over the investigation to PSD. We found very few cases investigated wholly by the CCU due to limited resources.

Current resourcing levels in the CCU aren’t sufficient to develop corruption-related intelligence beyond the scope of the original allegation. This means opportunities to identify and exploit further corruption-related intelligence are being missed.

In addition, the force hasn’t determined the additional staff it will need once it has implemented effective IT monitoring software.

Specialist resources

The CCU told us it had a positive working relationship with the NCA, through which it accesses resources for covert investigations. It doesn’t have direct access to a covert operations manager or tactical advisor to support counter-corruption work.

Policies designed to prevent corruption

Clear and concise corruption prevention policies help to guard against corrupt activity, but can’t guarantee to prevent corruption, or in themselves stop corrupt practice. They provide guidance on how police officers and staff should behave. They should clearly state what is expected of members of the workforce and what actions they should take to protect themselves and the organisation from corruption.

The counter-corruption (prevention) APP sets out what policies forces should have and gives guidance on their content. Our inspectors examine their policies in these areas:

• Notifiable associations: policies should cover how the force should manage the risks related to officers and staff who may associate with, for example, criminals, private investigators, or members of extremist groups. They should require the disclosure by officers and staff of such associations.
• Business interests: policies should state when the force should allow or deny officers and staff the opportunity to hold other jobs. They should explain how the force will manage the risks that arise when officers and staff are allowed to hold them.
• Gifts and hospitality: policies should cover the circumstances in which police officers and staff should accept or reject offers of gifts and/or hospitality.

We found Cheshire Constabulary’s policies are comprehensive and reflect the APP guidance. The force has a process for officers and staff to follow if they have a notifiable association, business interest or are offered gifts or hospitality. The registers containing this information are well managed.

The force told us it had recorded 153 notifiable associations, of which 17 were assessed as moderate risk. These cases were being well managed, and the process will be enhanced once the force has full IT monitoring. There are no high-risk cases.

We found members of the workforce have registered 550 business interests. We reviewed a selection and saw evidence of annual reviews, conditional approvals and declined applications.

Members of the workforce who are offered or receive a gift or hospitality must record it on a dedicated system that went live in June 2022. They complete an electronic form, which their line manager has to approve. PSD receives a monthly list of approvals and can override the line manager’s decision. We reviewed five cases and found each correctly approved.

Sexual misconduct

The force recognises AoPSP as serious corruption. We found the CCU records such cases appropriately and refers them to the Independent Office for Police Conduct.

Our file review revealed cases of sexual misconduct intelligence that weren’t developed beyond the scope of the initial allegation. In each case, the allegation was made by another member of the workforce and the force didn’t consider the wider risk to the public. In cases where the intelligence can’t be developed for further investigation, the CCU doesn’t routinely use early intervention to mitigate the risk.

We found a good knowledge of AoPSP among the wider workforce. The force uses the College of Policing’s AoPSP video as mandatory training. This is reinforced by PSD and CCU training packages given to frontline officers, and new promotion courses. The force publishes outcomes of misconduct cases and case studies on its intranet.

Back to publication

A report into the effectiveness of vetting and counter-corruption arrangements in Cheshire Constabulary