A report into the effectiveness of vetting and counter-corruption arrangements in Humberside Police

About us

His Majesty’s Inspectorate of Constabulary and Fire & Rescue Services (HMICFRS) independently assesses the effectiveness and efficiency of police forces and fire and rescue services, in the public interest. In preparing our reports, we ask the questions the public would ask and publish the answers in an accessible form. We use our expertise to interpret the evidence and make recommendations for improvement.

1.  Introduction

In September 2021, we changed the way we report on how effectively forces manage vetting and counter-corruption.

Previously, we inspected these areas as part of our police effectiveness, efficiency and legitimacy (PEEL) programme and provided our findings in the inspection report.

The new arrangements mean we will inspect each force separately to PEEL, although we will continue to use the same methods and produce a report containing our findings, graded judgments and any areas for improvement or causes of concern.

Humberside Police requires improvement at vetting, IT monitoring and counter‑corruption.

In April 2023, we inspected Humberside Police to examine the effectiveness of the force’s vetting, IT monitoring and counter-corruption arrangements. We briefed senior personnel in the force at the end of the inspection. It should be noted that we didn’t gather evidence during our inspection in relation to the wider culture of the workforce. We didn’t assess the overall leadership of the executive team and senior managers in setting expectations and standards across the organisation.

This report sets out our findings. It includes areas for improvement identified at the time of the inspection, which we recognise the force may have already addressed.

2.  How effectively does the force vet its officers and staff?

Vetting authorised professional practice

In 2021, the College of Policing published the authorised professional practice (APP) on vetting. The APP explains the role of vetting in assessing the suitability of people to serve in the police service, as a police officer, special constable or member of staff. It sets out the minimum standards that should be applied for each clearance level. It also lists the minimum vetting checks that should be undertaken on the applicant, their family and associates. The APP has a large section providing guidance on assessing threat and risk in relation to vetting decisions.

The vetting APP applies to the police forces maintained for the police areas of England and Wales as defined in section 1 of the Police Act 1996.

Force vetting IT system

In August 2022, Humberside Police introduced a new vetting IT system, but it doesn’t link with the force’s HR system. The force told us it is experiencing some problems with the new system. It is working with the IT supplier to resolve these problems. In addition, most of the vetting data is still on the old vetting system. This means force vetting unit (FVU) staff must use the two systems simultaneously to manage the force’s vetting arrangements.

To overcome this, the HR department provides the FVU with information about workforce changes. But the force told us that HR doesn’t consistently pass this information to the FVU in every case. This means the FVU may be unaware of some changes to the workforce.

Current vetting of the workforce

Humberside Police told us that as of April 2023, it had a total of 3,878 police officers, special constables, police staff and police community support officers.

The vetting system alerts the FVU 42 days before renewals are due, prompting the unit to send out application documents.

The force told us there were 42 people in post without the correct level of vetting for their roles because it had expired. Of these, 12 were management vetting (MV) cases, which is a higher level of vetting.

Demand and workload

The FVU is prioritising recruitment vetting to support the Police Uplift Programme. This means other FVU work, such as vetting renewals, is being delayed. Some new FVU staff are still undergoing training, including familiarisation with the new vetting IT system. This is making the problem worse.

The FVU told us that it could do more to understand its current demand. For instance, it could monitor the time it takes to complete vetting work. It could also improve its understanding of future demand by analysing data such as vetting renewal forecasts and the force’s future recruitment plans.

The force grants non-police personnel vetting (NPPV) clearance to contractors, volunteers and people who work for organisations that share police premises. It hasn’t been using the police national vetting service hosted by Warwickshire Police.

The force told us that as of April 2023, there were 502 people with expired NPPV clearance and 92 people with current NPPV clearance. The FVU believes that most of the expired cases relate to people who no longer work with the force and don’t require NPPV. The force has recently introduced a process to remove access from systems and buildings when no longer required. But the FVU isn’t always notified when contracts end or when people have left contracted companies. This means such people may still have vetting clearance and access to buildings and IT systems when it should have been removed. At the time of our inspection, the FVU was in the process of consulting with heads of department to address this issue.

Designated posts

Some police roles have access to more sensitive information and require a higher level of vetting known as management vetting (MV). The extent to which the role requires working with vulnerable people is also a factor for forces to consider when deciding if a role requires MV. The vetting APP states that forces should keep a record of all MV roles on a designated posts list.

Humberside Police hasn’t been managing its MV processes effectively. It maintains a designated posts list, but the list records departments and role types rather than individual posts. At the time of our inspection, the FVU was in the process of reviewing the list to identify each postholder and comparing it with vetting data.

Until the force completes this review, it can’t be confident that every individual occupying a designated post is cleared to the correct level. The force told us that as of May 2023, the FVU had a list of 571 police personnel with current MV clearance. The force told us that eight police officers and four police staff had expired MV.

Generally, the force doesn’t post people into MV roles without the required clearance. However, the FVU told us that this does happen occasionally.

We examined a selection of MV files and found that the FVU had completed all the minimum checks required by the APP in most of them. However, we found that the FVU wasn’t asking for line manager endorsement. We also found several examples where MV clearance was granted without the FVU completing the necessary counter‑terrorism checks.

Transferees

Vetting APP allows forces to accept vetting clearance from another force if it is no more than one year old. But many forces choose to vet officers and staff new to their organisation, even if they are transferring from another force with a current vetting clearance.

Humberside Police has chosen to vet all transferees and those who have left the service and applied to rejoin. The FVU requests a professional standards department (PSD) complaint and conduct history as well as any anti-corruption unit (ACU) intelligence from all forces in which the individual has previously served.

Change of circumstances

The force has taken steps to improve the workforce’s awareness that they must report any changes in personal circumstances, for example, marital status, name changes or significant changes to personal finances.

Humberside Police’s PSD gives new recruits guidance about reporting changes. In addition, the chief constable recently sent a force-wide email reminding members of the workforce about their obligation to report changes.

The force’s personal development review system includes questions about risks, such as business interests. It specifically asks staff about any changes in their personal circumstances. At the time of our inspection, the force told us that 51 percent of staff had completed their most recent personal development review.

Generally, the workforce understands when to report changes in circumstances. But we found some people who believed it was enough to only report changes to the HR department, meaning the FVU may not always be aware of them.

When it receives a notification, the FVU conducts relevant vetting checks to identify risks and to decide if the person’s vetting status is affected.

The PSD informs the FVU of all misconduct meeting or hearing outcomes. The FVU complies with the APP requirement to review a person’s vetting status if misconduct proceedings result in reduction in rank, written warning or final written warning.

Vetting decisions

Vetting researchers in the FVU conduct all relevant checks.

The force vetting manager makes all vetting decisions for cases with adverse information. The force has recently appointed a deputy vetting manager who will assist in the process once their training is complete.

The FVU sometimes conducts interviews to clarify written responses in vetting applications.

Risk mitigation measures

The force told us it uses risk mitigation measures to support its vetting decisions. This includes restrictions on where people can be posted, monitoring their use of the force’s IT systems and regular reviews of applicants’ management of their finances.

The FVU and ACU sometimes work closely when considering the use of IT monitoring to help manage potential risks. But the force acknowledges that this process isn’t consistent. We encourage the force to improve its governance of risk mitigation measures.

The force produces a counter-corruption strategic threat assessment (STA) annually, which outlines the current threats it faces. The ACU keeps vetting decision-makers in the FVU up to date on the main threats.

Appeals and quality assurance

The head of the PSD manages vetting appeals from external applicants. The deputy chief constable or HR handles appeals involving existing members of the workforce.

One of the principles of the Vetting Code of Practice is that: “Decision-making in respect of vetting clearance should be separate from, and independent of, recruitment and other human resources processes.” Therefore, we question the role that HR representatives have in the force’s appeal process.

The force has recently introduced a process for quality assuring vetting decisions. It is too early to say if this process is effective.

Disproportionality

The APP states there is a risk that vetting has a disproportionate impact on under‑represented groups. Furthermore, it requires forces to monitor vetting applications, at all levels, against protected characteristics. This is to understand whether there is any disproportionate impact on particular groups. Where disproportionality is identified, forces must take positive steps to address this.

Humberside Police maintains records of the results of all vetting applications from people who declare a protected characteristic. It has recently introduced processes to analyse this data. We encourage the force to develop this work further.

Vetting file review

We reviewed 40 vetting clearance decisions from the preceding 3 years with a vetting specialist from another force. These files related to police officers and staff who had previously committed criminal offences or those that the force had other concerns about. The case file review included transferee and recruitment vetting decisions.

In 16 cases, the recorded rationale didn’t demonstrate that the force had sufficiently considered all the identified risk factors. In some cases, there was no rationale recorded. This meant it wasn’t possible for our inspectors to fully review the decisions and agree with the decisions to grant vetting clearance.

One of these decisions was made after the publication of our thematic report, An inspection of vetting, misconduct, and misogyny in the police service. In that report, we recommended that all vetting decisions (refusals, clearances and appeals) should be supported with a sufficiently detailed written rationale.

Vetting decision-makers should make sure they always complete a detailed rationale with reference to the vetting APP and the national decision model. This would help them to account for all identified risks and any potential mitigations.

3.  How effectively does the force protect the information and data it holds?

Lawful business and IT monitoring capability

When we inspected Humberside Police in 2018/19, we identified limitations in the force’s IT monitoring capability as an area for improvement.

The force is in the process of changing its IT monitoring software supplier. This is because the current IT monitoring product is unable to meet the force’s needs. The introduction of the new software has been delayed due to problems with preparing the force’s IT infrastructure.

Although the ACU can audit some of the force’s IT systems, it is unable to monitor all devices and applications. This limits the scope of some investigations.

Generally, the ACU has enough resources to meet current reactive demand. But the force acknowledges it will need more staff when it increases the scope of its IT monitoring.

The IT department doesn’t consult with the PSD or the ACU when procuring new IT systems. This means the systems may not include suitable auditing functions or other measures designed to prevent and detect misuse. We urge the force to make sure future IT procurements are developed in consultation with the ACU.

IT monitoring policy

The force has a lawful business monitoring policy for monitoring and recording staff communications. The policy allows the force to carry out proactive monitoring to identify and tackle corruption.

The policy also provides staff with clear guidance about the expectation of privacy when using force handheld and other mobile systems.

Digital device management

The force can attribute all mobile phones and tablets issued to individuals across the workforce. The IT department is updated when a mobile device is returned and reallocated.

Information security – encrypted applications

Encrypted applications aren’t permitted on force devices.

The force has a comprehensive social media policy. It has shared it across the workforce. It provides guidance on the use of social media that includes the risks associated with its misuse.

4.  How well does the force tackle potential corruption?

Intelligence

Sources of corruption-related intelligence

The force has an effective confidential reporting system on its intranet. The workforce can also report wrongdoing through a third-party company.

Between 1 January 2020 and 31 December 2022, the force received 926 reports:

• 379 reports in 2020;
• 289 reports in 2021; and
• 258 reports in 2022.

While the number of reports had been decreasing, this year it has increased. Between 1 January to 31 March 2023, there were 114 submissions. This followed a communication from force command that encouraged the workforce to use the system to report their concerns.

We examined 60 corruption intelligence files and found that these reporting lines were effective intelligence sources.

We also saw intelligence reported from colleagues, line managers, the public and external agencies.

Police corruption categorisation

The force correctly categorises intelligence in line with the counter-corruption APP.

Partnership working to identify potential corruption

A member of the ACU met with the leaders of the four unitary authorities to raise awareness of abuse of position for a sexual purpose (AoPSP). They also gave them posters for distribution to inform their staff about inappropriate behaviour and AoPSP. However, the force could do more to develop relationships with agencies and organisations that support vulnerable people.

Identifying corruption threats

Counter-corruption STA

The force has a counter-corruption STA. It identifies the four main corruption risks facing the force and any emerging threats. It makes good use of case studies to demonstrate the main threats.

The force doesn’t publish its STA or communicate the corruption threats to the workforce. The ACU shares the STA with the PSD, the FVU and the dedicated source unit. We encourage the force to consider publishing an edited version of its STA. This will give the workforce a better understanding of the force’s current corruption threats.

Counter-corruption control strategy

The force has a counter-corruption control strategy. It is based on the 4P-approach (pursue, prepare, protect and prevent).

Implementation plan

The ACU doesn’t have a plan to introduce measures to address the threats identified in the STA. Without this, there is no clear understanding of who is responsible for addressing the risks identified or the timescales outlined for when the work needs to be completed.

Managing corruption threats

Intelligence development

We reviewed 60 corruption intelligence case files. In most cases, the ACU responded effectively with good supervisory oversight. All counter-corruption investigations are subject to a tasking meeting every two weeks, where actions are agreed and set. But these actions weren’t always recorded effectively.

Mostly, we found the ACU’s investigations were thorough. However, we found eight cases where the ACU had missed opportunities to develop intelligence further and mitigate corruption risks.

The force used a variety of techniques to develop and investigate corruption-related intelligence. We found two cases of proactive intelligence collection. One was the result of a random drug test. The other was identified by the force placing an alert on a specific record on a force IT system, which detected unauthorised access to the data in that record.

Identification of those who pose a corruption risk

The force doesn’t have an established people intelligence meeting attended by senior managers from local policing areas, HR, finance, legal services and training.

At the time of our inspection, there didn’t appear to be any process in place to discuss across departments anyone who may pose a risk to the force or the public. The force told us that when the PSD identifies a concern that an individual may pose a risk, the PSD will inform the individual’s local commander or head of department.

The force has since told us that each policing area has a monthly senior leadership team meeting attended by an HR representative. Relevant information from these meetings is shared with the PSD. We have been unable to verify this.

Capacity and capability to investigate corruption

The ACU is a small team comprising of well-trained and experienced detectives. The ACU recently had to take over an overt reactive investigation from the PSD. The force told us this was due to PSD staff not having the required investigative skills.

The ACU has one full-time and one part-time analyst, which is positive. However, much of the analysts’ time is spent on administrative tasks and research rather than supporting the ACU investigations.

Due to the current workload of the ACU investigators and the force’s limited IT‑monitoring capability, there is little opportunity for the ACU to gather corruption‑related intelligence proactively.

When we inspected the force, a business case to increase the staffing of the ACU had been approved. However, recruitment hadn’t taken place, and the ACU was unaware the business case for additional staff had been approved.

Specialist resources

It has been several years since the Humberside Police ACU has used specialist covert tactics for corruption investigations. However, ACU managers are experienced detectives with good operational knowledge of such tactics. Although the ACU doesn’t have these specialist resources, the force told us that access to covert resources could be requested from the regional organised crime unit.

We didn’t identify any missed opportunities to use covert tactics to support corruption investigations.

Policies designed to prevent corruption

Clear and concise corruption prevention policies help to guard against corrupt activity but can’t guarantee to prevent corruption or, in themselves, stop corrupt practice. They provide guidance on how police officers and staff should behave. They should clearly state what is expected of members of the workforce and what actions they should take to protect themselves and the organisation from corruption.

The counter-corruption (prevention) APP sets out what policies forces should have and gives guidance on their content. Our inspectors examine their policies in these areas:

• Notifiable associations: policies should cover how the force should manage the risks related to officers and staff who may associate with, for example, criminals, private investigators or members of extremist groups. They should require the disclosure by officers and staff of such associations.
• Business interests: policies should state when the force should allow or deny officers and staff the opportunity to hold other jobs. They should explain how the force will manage the risks that arise when officers and staff are allowed to hold them.
• Gifts and hospitality: policies should cover the circumstances in which police officers and staff should accept or reject offers of gifts or hospitality.

Humberside Police’s policies are comprehensive and reflect APP guidance.

Members of the workforce report notifiable associations through the confidential reporting process.

The ACU records individual notifiable associations on its intelligence system. However, there is no central register listing all the force’s recorded notifiable associations. The circumstances of each notifiable association are risk assessed, but a formal risk assessment matrix isn’t used. The ACU has identified ten declared notifiable associations that have necessitated conditions being applied to reduce the risks. Line managers are made aware of all recorded notifiable associations.

When a notifiable association is identified during vetting processes, the FVU doesn’t notify the ACU. Instead, the force relies on the individual recognising it as a notifiable association and completing the relevant form.

Business interest applications are submitted through an online form to the PSD. Applications are considered by a panel, with the PSD superintendent making the final decision. The force currently has 804 approved business interests. The force’s checking for compliance with conditions is inconsistent and often only intelligence led. Most conditions were generic and could have been included in the force policy. This would have allowed business interests with specific conditions to be more easily monitored. We suggest the force’s policy is changed to allow this.

The review period is three years. We saw evidence of reviews being conducted.

The PSD manages the gifts and hospitality register. It authorises all gifts over £20 in value and where the gift is alcohol, money or items from companies tendering for work. The policy states that a senior PSD administrator should periodically review the register. But we found no evidence of any such review.

We found the workforce had some knowledge of these policies.

Sexual misconduct

The force recognises AoPSP as serious corruption. The force has delivered training on AoPSP for the entire workforce. Training is also provided to new recruits and new supervisors. The force recognised there was more to do to train existing supervisors. A first-line leadership programme, including for existing supervisors, has now been developed and is being rolled out over the course of 2023.

During our file review, we found four cases identified as AoPSP. All of these were referred to the Independent Office for Police Conduct.

The force has a matrix of 51 members of the workforce considered to be a risk for AoPSP. They are scored against ten criteria and ranked from high to low. Everyone identified from the file review as having an allegation of sexual misconduct had been included on the risk matrix.

Due to the force’s limitations with IT monitoring and the current ACU workload, there are no regular reviews of subjects on the risk matrix. Generally, reviews rely on new intelligence being received.

We found a good knowledge of AoPSP across the workforce.

Back to publication

A report into the effectiveness of vetting and counter-corruption arrangements in Humberside Police