A report into the effectiveness of vetting and counter-corruption arrangements in Gwent Police
Contents
Print this document
About us
His Majesty’s Inspectorate of Constabulary and Fire & Rescue Services (HMICFRS) independently assesses the effectiveness and efficiency of police forces and fire and rescue services, in the public interest. In preparing our reports, we ask the questions the public would ask, and publish the answers in accessible form. We use our expertise to interpret the evidence and make recommendations for improvement.
1. Introduction
Vetting, IT monitoring and counter-corruption: adequate
In September 2021, we changed the way we report on how effectively forces manage vetting and counter-corruption.
Previously, we inspected these areas as part of our police effectiveness, efficiency and legitimacy (PEEL) programme and provided our findings in the inspection report.
The new arrangements mean we will inspect each force separately to PEEL, although we will continue to use the same methods and produce a report containing our findings, graded judgments and any areas for improvement or causes of concern. The report will be accessible via a web link from the most recent force PEEL report.
In December 2022, we inspected Gwent Police to examine the effectiveness of the force’s vetting, IT monitoring and counter-corruption arrangements. We briefed senior personnel in the force at the end of the inspection. It should be noted that we didn’t gather evidence during our inspection in relation to the wider culture of the workforce. We didn’t assess the overall leadership of the executive team and senior managers in setting expectations and standards across the organisation.
This report sets out our findings. It includes an area for improvement identified at the time of the inspection, which we recognise the force may have already addressed.
2. How effectively does the force vet its officers and staff?
Vetting authorised professional practice
In 2021, the College of Policing published the authorised professional practice (APP) on vetting. The APP explains the role of vetting in assessing the suitability of people to serve in the police service, as a police officer, special constable or member of staff. It sets out the minimum standards that should be applied for each clearance level. It also lists the minimum vetting checks that should be undertaken on the applicant, their family and associates. The APP has a large section providing guidance on assessing threat and risk in relation to vetting decisions.
The vetting APP applies to the police forces maintained for the police areas of England and Wales as defined in section 1 of the Police Act 1996.
Force vetting IT system
The force vetting unit (FVU) uses a vetting IT system that was introduced in 2010. An updated vetting IT system is due to be implemented in early 2023. The HR department routinely informs the FVU of employee moves. HR uses a separate IT system. This tracks the progress of recruitment and promotion processes and new vetting applications. The FVU uses this system to make sure all officers and staff have the correct level of vetting for their role.
The FVU uses information collated from its vetting IT system to track renewals in advance. This means the force has time to send application documentation before a renewal is due.
Current vetting of workforce
Gwent Police told us that as of October 2022, it had a total of 2,626 police officers, special constables, police staff and police community support officers.
The force told us there were 21 people without the correct level of vetting for their role. The force had a good awareness of these cases. Of them, six had expired vetting (three police officers, two police staff and one police community support officer). All were absent from work due to sickness and maternity leave. The force has a process to make sure their vetting is prioritised when they return to the workplace.
Demand and workload
The FVU uses the HR IT system to help manage its workload. The IT system allocates new vetting applications to vetting officers. The FVU manages renewals on the vetting IT system. At the time of our inspection, the force had 45 vetting applications yet to be dealt with.
The FVU and HR work together effectively to predict demand. The force vetting manager (FVM) maintains records on the number of new officers through the Police Uplift Programme one year in advance. The FVU can consider this recruitment information with future vetting renewal data to plan ahead.
The force has increased staffing levels in the FVU to cope with additional demand from the Police Uplift Programme. However, at the time of our inspection there wasn’t a supervisor managing the day-to-day operation of the unit. The force expected this post to be filled in early 2023.
Gwent Police grants non-police personnel vetting (NPPV) clearance to contractors, volunteers and people who work in organisations that share police premises. The force uses the police national vetting service hosted by Warwickshire Police to vet some non-police personnel. The FVU also works with two neighbouring forces to conduct NPPV checks for contractors.
At the time of our inspection, data on the force vetting system showed that there were 91 non-police personnel, 3 of whom were not vetted. In addition, 24 volunteers involved in the community speedwatch programme were in the process of having their vetting clearance cancelled.
The force has a good process to maintain accurate NPPV records. Nominated members of staff across the force are responsible for informing the FVU of any changes in non-police personnel. The FVM maintains a spreadsheet to manage this information. When the FVU is informed that an individual is no longer contracted, their clearance is cancelled and their access to buildings and IT removed.
Designated posts
Some police roles have access to more sensitive information and require a higher level of vetting known as management vetting (MV). The extent to which the role requires working with vulnerable people is also a factor for forces to consider when deciding if a role requires MV. The vetting APP states that forces should keep a record of all MV roles on a designated posts list.
The force told us it has designated 254 posts and maintains a list of these. There are 659 individuals that occupy these posts. When HR creates a new role, the FVM determines if MV is necessary. The designated posts list was last reviewed at the start of 2022.
The workforce resource management meeting monitors all police officer and staff moves. Generally, the force doesn’t allow individuals to take up a designated post before MV clearance is granted. The FVU prioritises MV applications to make sure that posts can be filled without delay. At the time of our visit, there were 15 people in MV posts who hadn’t yet been vetted to the higher level. These applications were being progressed by FVU staff.
We reviewed a selection of MV cases. In each case, the FVU had completed all the required minimum checks.
Transferees
Vetting APP allows forces to accept vetting clearance from another force if it is no more than one year old. But many forces choose to vet officers and staff new to their organisation, even if they are transferring from another force with a current vetting clearance.
Gwent Police has chosen to vet all transferees and those who have left the service and applied to rejoin. The FVU requests a professional standards department (PSD) complaint and conduct history, as well as any counter-corruption unit (CCU) intelligence, from all forces in which the individual has previously served.
Change of circumstances
The force has taken steps to improve the workforce’s awareness that they must report any changes of personal circumstances, for example, marital status, name changes or significant changes to personal finances. This includes a reminder in the PSD newsletter.
The FVU completes vetting checks whenever an officer or member of staff moves role. This occasionally identifies changes in personal circumstances. In these cases, the FVU conducts vetting enquiries to identify risks and to decide if the person’s vetting status is affected.
The FVU doesn’t receive many notifications of changes of personal circumstances. Senior managers in the force acknowledge more work is required to improve staff awareness to report changes. We encourage the force to take more comprehensive action to achieve this.
PSD informs the FVU of all misconduct meeting or hearing outcomes. The FVU complies with the APP requirement to review a person’s vetting status if misconduct proceedings result in reduction in rank, written warning or final written warning.
Vetting decisions
Vetting officers in the FVU conduct all the relevant vetting checks. They submit the results to the FVM for a decision, even in straightforward cases where no concerning information is found. This is creating an increased workload for the FVM. We encourage the force to introduce a tiered approach to decision-making. The introduction of a supervisor post in the FVU will assist in this.
The FVU regularly undertakes interviews to clarify written responses in vetting applications.
Risk mitigation measures
The force regularly uses risk mitigation measures to support its vetting decisions. This includes monitoring applicants’ social media activity and regular reviews of applicants’ management of their finances.
The FVU refers some cases to the CCU to monitor applicants’ use of the force’s IT systems to help manage potential risks.
The force produces a counter-corruption strategic threat assessment (STA) annually. This outlines the current threats facing the force. FVU staff told us they were aware of the threats facing the force due to their close working relationship with the CCU. However, the CCU hasn’t shared the STA with vetting decision-makers in line with the APP.
Appeals and quality assurance
The deputy chief constable (DCC) handles vetting appeals. The FVM presents the appeal case to a panel convened to advise the DCC. It includes representatives of:
- the positive outreach team;
- HR;
- independent advisory group members;
- police and crime commissioner’s office; and
- staff associations.
One of the principles of the Vetting Code of Practice is that: “Decision-making in respect of vetting clearance should be separate from, and independent of, recruitment and other human resources processes.” Therefore, we question the role that HR representatives and positive outreach teams have in Gwent Police’s appeal process.
Furthermore, we found the DCC makes the final decision but passes responsibility for recording its rationale to the FVM. This approach is wholly unsatisfactory. It isn’t in keeping with a transparent and independent appeal process, particularly as the FVM makes the original decision to refuse vetting. We strongly urge the force to review the appeal process.
Others than appeals, there is currently no process to quality assure vetting decisions. We encourage the force to introduce a quality assurance process when the new FVU structure is introduced.
Disproportionality
The APP states there is a risk that vetting has a disproportionate impact on underrepresented groups. Furthermore, it requires forces to monitor vetting applications, at all levels, against protected characteristics to understand whether there is any disproportionate impact on particular groups. Where disproportionality is identified, forces must take positive steps to address this.
The force analyses the outcomes of all vetting applications from people who declare a protected characteristic. It conducts analysis against different religions, age, gender, gender reassignment, disability, sexual orientation, and ethnic backgrounds. The FVU presents this data every quarter to the force’s chief officer team. No issues have been identified to date.
Vetting file review
We reviewed 40 vetting clearance decisions from the preceding 3 years with a vetting specialist from another force. These files related to police officers and staff who had previously committed criminal offences or those that the force had other concerns about. The files included transferee and recruitment vetting decisions.
We agreed with most of the force’s decisions. But in three cases the recorded rationale didn’t consider all identified risks or relevant risk mitigations. For example, there were cases where the force should have asked for continued reviews of applicants’ finances.
Generally, the force uses the vetting APP to guide its decisions. But the recorded rationales would benefit from more specific reference to the APP and the National Decision Model. This would help the force to account for all identified risks and any potential mitigations.
Areas for improvement
The force should improve its vetting arrangements to ensure that:
- when concerning adverse information has been identified during the vetting process, all decisions (refusals, clearances and appeals) are supported with a sufficiently detailed written rationale, including more specific reference to vetting authorised professional practice and the National Decision Model;
- when granting vetting clearance to applicants with concerning adverse information, the force vetting unit creates and implements effective risk mitigation strategies, with clearly defined responsibilities and robust oversight; and
- the appeal process for refused vetting applications is consistent with the Vetting Code of Practice, particularly in relation to decision-making responsibilities and the involvement of HR professionals.
3. How effectively does the force protect the information and data it holds?
Lawful business and IT monitoring capability
Gwent Police can monitor most of its IT systems across mobile and desktop devices. It proactively checks activity on mobile devices. This helps identify potential misconduct including improper contact with vulnerable victims or organised crime groups.
The CCU proactively monitors individuals when intelligence shows they pose a higher risk of sexual misconduct. We also saw evidence of IT monitoring of people who were the subject of other corruption intelligence. However, the force may benefit from additional resources dedicated to IT monitoring.
There are strong links between the IT department and the CCU. The head of the CCU attends a monthly digital services provisions board, which has oversight of all IT projects relating to mobile devices. The CCU also consults IT colleagues during any IT procurement to assess and discuss auditing functions and other measures designed to prevent and detect misuse.
IT monitoring policy
The force has a lawful business monitoring policy for monitoring and recording staff communications. The policy allows the CCU to audit all force mobile phone data. In addition, it allows for proactive monitoring of IT systems to identify and tackle corruption.
Digital device management
The force told us it can attribute 88 percent of all mobile devices it has issued to individuals across the workforce. The remaining 12 percent are older devices with no means of updating the software. The force has undertaken a recent review and found 126 mobile phones being used by members of the workforce that they weren’t aware of. There are 191 additional mobile devices currently unaccounted for.
The force doesn’t monitor some devices used by one specific specialist team. During the inspection we strongly urged the force to address this and were encouraged that the CCU responded immediately.
Devices are only issued when recipients have acknowledged the force’s lawful business monitoring policy in writing. This policy states devices can be used for work purposes only and that users should have no expectation of privacy if used for personal use.
Information security – encrypted apps
The force has a comprehensive social media policy and detailed guidance. These documents have been circulated to the workforce. Encrypted apps are generally not permitted on force devices, but the head of the CCU can authorise their use in exceptional circumstances. At the time of our inspection, no such requests had been made.
PSD and the CCU provide training and guidance to the workforce about the risks associated with social media misuse. Officers and staff we spoke to showed awareness of the force’s expectations of them.
4. How well does the force tackle potential corruption?
Intelligence
Sources of corruption-related intelligence
The force has an anonymous confidential reporting line. Between 1 January 2021 and December 2022, it received 94 reports (64 in 2021 and 54 in 2022).
We examined 60 corruption intelligence files. We found in most cases corruption intelligence was reported directly to the CCU by the workforce. In 12 cases the report had been made by a member of the public. We found several cases that were the result of proactive intelligence work and information requests to other PSDs.
Police corruption categorisation
The force correctly categorises intelligence in line with the counter-corruption APP.
Partnership working to identify potential corruption
The force has developed relationships with agencies and organisations who support vulnerable people. The CCU has provided training on abuse of position for a sexual purpose (AoPSP) to social services, housing associations and charities. It gives them phone numbers to report concerns directly to the CCU or Independent Office for Police Conduct. This approach has been effective and resulted in six reports of suspected corruption.
At the time of our inspection, the force was in the process of recruiting a new dedicated prevention and engagement lead. This will give the force more opportunities to encourage partner agencies to report suspected AoPSP.
Identifying corruption threats
Counter-corruption strategic threat assessment
Gwent Police has a comprehensive counter-corruption STA. It identifies the force’s main risks, which include sexual misconduct, disclosure of information, vulnerability and misuse of force IT systems.
The force publishes an edited version of the STA on its intranet to communicate the threats to the workforce.
Counter-corruption control strategy
The force has a counter-corruption control strategy based on the 4P-approach (pursue, prepare, protect and prevent). It clearly sets out the priorities identified in the STA and is shared with the workforce.
Implementation plan
Each of the corruption threats identified in the STA and control strategy are considered in detail within the force’s implementation plan. There is a designated person responsible for each task and clear timescales for completion. The head of the CCU continuously tracks progress.
Managing corruption threats
Intelligence development
We reviewed 60 corruption intelligence files. In most cases the CCU responded effectively and use a good variety of techniques to develop intelligence. We found the force had missed opportunities to develop intelligence further and mitigate corruption risks in eight cases. These included allegations of sexual misconduct by members of the workforce.
The CCU makes excellent use of proactive IT monitoring. We found five cases of proactive intelligence development. These included cases of AoPSP.
Identification of those who pose a corruption risk
The force has an established process to gather intelligence on its workforce, which has generated 141 intelligence reports over the last two and a half years.
The process is supported by several proactive monitoring operations that manage those who pose the biggest corruption risk. The CCU and PSD review cases monthly. This work informs the quarterly meeting, chaired by the deputy chief constable, where intelligence on members of the workforce is shared between departments.
The force uses three risk matrices to monitor members of the workforce who may pose a corruption risk:
- Operation Lotus aims to identify and manage those individuals who present a risk of corruption.
- Operation Erasure aims to manage people for whom the force has intelligence of inappropriate behaviour of a sexual nature.
- Operation Porsche aims to identify inappropriate contact with vulnerable people.
We found all three matrices are extremely comprehensive and very well managed. They are reviewed by the CCU according to the risk an individual poses. Operation Lotus is particularly impressive and has been shared with other CCUs. We congratulate the force on this approach.
Capacity and capability to investigate corruption
The CCU is a small team of experienced detectives, researchers, and a crime analyst. The current structure helps it to develop potential intelligence.
The CCU investigates all AoPSP cases. For other types of corruption, after an initial investigation, the CCU decides if the case should be transferred to PSD for further investigation.
Staffing levels meet current demand. However, the force recognises CCU workloads are increasing. The CCU analyst administers the three risk matrices and IT monitoring. CCU investigators are responsible for different aspects of this work, which means they are unable to focus solely on their corruption investigations.
We were told an additional post, a prevention officer, had recently been approved and a temporary staff investigator post made permanent. The head of the CCU recognises that further resources would help build on its successes, particularly in relation to IT monitoring.
Specialist resources
The CCU including the senior management team are experienced in covert law enforcement. It has good working relationships with the serious and organised crime unit and attends the force’s organised crime meeting.
When required, the force can access resources for covert investigations through the regional organised crime unit, neighbouring forces or the National Crime Agency.
Policies designed to prevent corruption
Clear and concise corruption prevention policies help to guard against corrupt activity, but can’t guarantee to prevent corruption, or in themselves stop corrupt practice. They provide guidance on how police officers and staff should behave. They should clearly state what is expected of members of the workforce and what actions they should take to protect themselves and the organisation from corruption.
The counter-corruption (prevention) APP sets out what policies forces should have and gives guidance on their content. Our inspectors examine their policies in these areas:
- Notifiable associations: policies should cover how the force should manage the risks related to officers and staff who may associate with, for example, criminals, private investigators, or members of extremist groups. They should require the disclosure by officers and staff of such associations.
- Business interests: policies should state when the force should allow or deny officers and staff the opportunity to hold other jobs. They should explain how the force will manage the risks that arise when officers and staff are allowed to hold them.
- Gifts and hospitality: policies should cover the circumstances in which police officers and staff should accept or reject offers of gifts and/or hospitality.
We found Gwent Police’s policies are comprehensive and reflect the APP guidance. Members of the workforce submit an online form if they have notifiable associations or business interests or have been offered gifts or hospitality. Notifiable associations and business interests are regularly reviewed and well managed by the CCU.
The gifts and hospitality register was administered by PSD, but the CCU was due to take over responsibility in January 2023.
Sexual misconduct
The force recognises AoPSP as serious corruption. During the file review, we found the CCU consistently referred these cases to the Independent Office for Police Conduct.
The force supports mandatory College of Policing training with poster campaigns, intranet articles and the publication of outcomes from gross misconduct hearings. The CCU has provided further training, including a video on AoPSP, to all new recruits, frontline officers and staff, people working in custody suites, and the force communications team.
CCU staff provide a further level of training to line managers to help them identify AoPSP warning signs. We found a good understanding of AoPSP across the workforce.
Back to publication
A report into the effectiveness of vetting and counter-corruption arrangements in Gwent Police