A report into the effectiveness of vetting and counter-corruption arrangements in Staffordshire Police
About us
His Majesty’s Inspectorate of Constabulary and Fire & Rescue Services (HMICFRS) independently assesses the effectiveness and efficiency of police forces and fire and rescue services, in the public interest. In preparing our reports, we ask the questions the public would ask, and publish the answers in accessible form. We use our expertise to interpret the evidence and make recommendations for improvement.
1. Introduction
Vetting, IT monitoring and counter-corruption: adequate
In September 2021, we changed the way we report on how effectively forces manage vetting and counter-corruption.
Previously, we inspected these areas as part of our police effectiveness, efficiency and legitimacy (PEEL) programme and provided our findings in the inspection report.
The new arrangements mean we will inspect each force separately to PEEL, although we will continue to use the same methods and produce a report containing our findings, graded judgments and any areas for improvement or causes of concern. The report will be accessible via a web link from the most recent force PEEL report.
In November and December 2022, we inspected Staffordshire Police to examine the effectiveness of the force’s vetting, IT monitoring and counter-corruption arrangements. We briefed senior personnel in the force at the end of the inspection. We didn’t gather evidence during our inspection in relation to the wider culture of the workforce. We didn’t assess the overall leadership of the executive team and senior managers in setting expectations and standards across the organisation.
This report sets out our findings. It includes areas for improvement identified at the time of the inspection that we recognise the force may have already addressed.
2. How effectively does the force vet its officers and staff?
Vetting authorised professional practice
In 2021, the College of Policing published the authorised professional practice (APP) on vetting. The APP explains the role of vetting in assessing the suitability of people to serve in the police service, as a police officer, special constable or member of staff. It sets out the minimum standards that should be applied for each clearance level. It also lists the minimum vetting checks that should be undertaken on the applicant, their family and associates. The APP has a large section providing guidance on assessing threat and risk in relation to vetting decisions.
The vetting APP applies to the police forces maintained for the police areas of England and Wales as defined in section 1 of the Police Act 1996.
Force vetting IT system
Staffordshire Police has been using a vetting IT system since 2016, but it doesn’t link with its HR system. To overcome this, the HR department gives regular updates to the force vetting unit (FVU). This helps the FVU keep track of internal moves, promotions and people leaving the force.
The vetting IT system has limited functions so the FVU uses spreadsheets to manage vetting. This includes identifying all vetting renewals two years in advance. The force is developing a business case for a new vetting IT system.
Current vetting of workforce
Staffordshire Police told us that as of December 2022, it had a total of 3,760 police officers, special constables, police staff and police community support officers.
The force told us there were 24 people in post (4 police officers and 20 police staff), without the correct level of vetting for their role because it had expired.
Demand and workload
There aren’t enough staff in the FVU to cope with the current demand. Staff in the FVU told us they prioritise vetting people when they are recruited, whether officers joining through the Police Uplift Programme, police community support officers or staff working in contact centres. The force monitors the average time the FVU takes to complete vetting cases. It told us this has increased from six to ten weeks. Other vetting tasks, such as vetting renewals, are falling behind. We identified one person whose vetting had expired in May 2021.
This problem is made worse by the FVU doing non-vetting work, such as managing notifiable associations, for example, if a member of staff had a family member with a criminal conviction. As we explain later in this report, this is a task better suited to the force’s anti-corruption unit (ACU). The FVU has an action plan to renew vetting more quickly, including filling a vacancy for a vetting researcher.
The force grants non-police personnel vetting (NPPV) clearance to contractors, volunteers and people who work in organisations that share police premises. The force uses a combination of the FVU and the police national vetting service hosted by Warwickshire Police to carry out NPPV checks.
The FVU doesn’t have a clear understanding of how many people still need NPPV clearance. The force told us that as of December 2022, 1,265 people had a valid NPPV and a further 2,844 had expired vetting.
This is 4,109 people in total, which far exceeds the number of non-police personnel. The FVU estimates that a substantial number of these expired cases are likely to be contractors or volunteers who no longer require vetting clearance. This shows the force isn’t maintaining accurate records for non-police personnel.
Staffordshire Police told us that in most cases its IT and estates department manage the process of removing building and IT access when no longer required. But some departments aren’t telling the FVU when contracts conclude or individuals leave the contracted company and no longer require vetting clearance. This means some people may still have vetting clearance when it should have been removed.
Designated posts
Some police roles have access to more sensitive information and require a higher level of vetting known as management vetting (MV). The extent to which the role requires working with vulnerable people is also a factor for forces to consider when deciding if a role requires MV. The vetting APP states that forces should keep a record of all MV roles on a designated posts list.
The force told us that as of December 2022 there were 665 posts on the list, of which 2 police officers and 12 members of police staff had expired MV.
The FVU hasn’t compared the list of designated posts with its vetting records. So it can’t be assured that every person on the list has the required level of vetting.
The head of vetting decides if any new posts created by HR should be included in the list of designated posts. The force last reviewed the list in 2021.
Generally, the force allows only police officers and staff with MV clearance to take up a designated post. HR gives the FVU advance notice of proposed internal moves. Occasionally, the force moves people into a designated post before MV is completed when there is a pressing organisation need.
We reviewed a selection of recent MV files. In each case the FVU had completed all the required minimum checks.
Transferees
Vetting APP allows forces to accept vetting clearance from another force if it is no more than one year old. But many forces choose to vet officers and staff new to their organisation, even if they are transferring from another force with a current vetting clearance.
Staffordshire Police has chosen to vet all transferees and those who have left the service and applied to rejoin. The FVU requests a professional standards department (PSD) complaint and conduct history, as well as any counter-corruption unit intelligence, from all forces in which the individual has previously served.
Change of circumstances
The force has taken steps to improve the workforce’s awareness that they must report any changes of personal circumstances, for example, marital status, name changes or significant changes to personal finances. At the time of our inspection, the force had recently published a PSD newsletter and sent a force-wide email. The requirement is included in training for student officers and police staff. But the FVU receives a very small number of notifications that a person’s personal circumstances have changed. This suggests most of the workforce don’t know they have to report these changes.
When it receives a notification, the FVU conducts relevant vetting checks to identify risks and to decide if the person’s vetting status is affected.
PSD informs the FVU of all misconduct meeting or hearing outcomes. The FVU complies with the APP requirement to review a person’s vetting status if misconduct proceedings result in reduction in rank, written warning or final written warning.
Vetting decisions
Vetting researchers in the FVU conduct all relevant checks. They can grant clearance where no concerning adverse information is found. For cases with more concerning information, one of the vetting officers makes the vetting decision, recording the supporting rationale. In a small number of complex cases, the head of vetting makes the final decision and records their rationale.
The FVU regularly conducts interviews to clarify written responses in vetting applications.
Risk mitigation measures
The force regularly uses risk mitigation measures to support its vetting decisions. This includes restrictions on where people can be posted, monitoring applicants’ social media activity and regular reviews of applicants’ management of their finances. In some cases, the ACU agrees to monitor vetting applicants’ use of the force’s IT systems. This helps manage potential risks.
The ACU has shared the regional strategic threat assessment (STA) with vetting decision-makers.
Appeals and quality assurance
The head of PSD, or in some cases the head of vetting, handles appeals submitted by external applicants. The assistant chief constable chairs the appeals panel for internal candidates. The head of PSD and relevant departmental head or another nominated individual are on the panel.
Except for appeals, there is no process to quality assure vetting decisions where the process has revealed adverse information about the applicant or their family and friends. We encourage the force to address this.
Disproportionality
The APP states there is a risk that vetting has a disproportionate impact on underrepresented groups. Furthermore, it requires forces to monitor vetting applications, at all levels, against protected characteristics to understand whether there is any disproportionate impact on particular groups. Where disproportionality is identified, forces must take positive steps to address this.
The FVU records the results of all applications from people who declare a protected characteristic. However, Staffordshire Police only analyses decisions to identify potential disproportionality in relation to ethnicity. The FVU produces quarterly data comparing the results for people from different ethnic backgrounds and uses a College of Policing product to assess the data. This is encouraging as it helps the force understand the potential negative impact of its vetting decisions, but we urge it to extend this work to other protected characteristics.
Vetting file review
We asked a vetting specialist from another force to review 40 clearance decisions from the preceding 3 years related to police officers and staff who had previously committed criminal offences or that the force had concerns about. The files included transferee and recruitment vetting decisions.
The vetting specialist agreed with all but one of the force’s decisions, when they considered a potential risk factor wasn’t properly considered.
Generally, the force uses the vetting APP to guide its decisions. But the recording of its rationale would benefit from more detail and specific reference to the vetting APP and the National Decision Model.
This would help the force to take account of all identified risks when considering whether to grant clearance, and any potential mitigation. We noted more recent cases have greater levels of detail about the rationale. They also have better consideration of identifying and managing risk. We found evidence of the FVU using risk mitigation strategies, such as restricting where a person could be posted.
Area for improvement
The force should improve its vetting arrangements to ensure that:
- it has a clear understanding of the level of vetting required for all posts, and that all personnel have been vetted to a high enough level for the posts they hold;
- it has a clear understanding of the vetting required for all non-police personnel and that all non-police personnel have been vetted to a high enough level for their role;
- the vetting unit has sufficient staff to meet the demand it faces; and
- it analyses vetting data to identify, understand and respond to any disproportionality.
3. How effectively does the force protect the information and data it holds?
Lawful business and IT monitoring capability
IT monitoring software is being rolled out across all of the force’s IT systems and devices. The force told us it is due to be fully implemented by September 2023. In our file review we saw evidence of the force’s ability to audit IT use reactively.
But the force is missing out on opportunities to collect intelligence proactively. We strongly urge the force to develop its use of the software to allow it to conduct more proactive IT monitoring.
The IT department doesn’t consistently engage with PSD and ACU during the procurement process for new IT systems. This means it may not include suitable auditing functions or other measures designed to prevent and detect misuse. This is a missed opportunity.
IT monitoring policy
The force has a lawful business monitoring (LBM) policy for monitoring and recording staff communications, but it was written several years ago. Following the introduction of the monitoring software, the ACU wrote a standard operating procedure. The force should review the LBM policy to make sure it reflects the new standard operating procedure.
Digital device management
The force can attribute all mobile phones and tablets issued to individuals across the workforce. All desktop and laptop computers have a warning screen outlining the force’s LBM policy and stating the computer is for work purposes only. However, this warning has not been applied to all mobile devices.
The force is partway through the process of distributing new smartphones to its workforce. These are fully compatible with the force’s IT monitoring software. Up to 1,000 smart devices were issued prior to the implementation of the monitoring software and the IT department is working to make sure the software is activated on them. The ACU can reactively audit the devices that don’t have the monitoring software activated.
Information security – encrypted apps
The force has a social media policy and has shared it across the workforce. It provides guidance on the use of social media that includes the risks associated with its misuse. Officers and staff we spoke to were aware of the force’s expectations of them. Encrypted apps are not permitted on force devices.
The force policy on social media allows officers and staff to use some applications, such as video conferencing, on their own devices. This was necessary during the pandemic. Since the rollout of new laptops, these applications are accessible to all officers and staff via work devices. The policy should have been amended to reflect this change.
4. How well does the force tackle potential corruption?
Intelligence
Sources of corruption-related intelligence
The ACU receives corruption-related intelligence through Crimestoppers and has a confidential telephone line, but this is very rarely used. Members of the workforce showed good awareness of the two anonymous reporting lines.
Between 1 January 2020 and December 2022, there were 166 reports to the reporting lines. There were:
- 65 reports in 2020;
- 48 in 2021; and
- 53 in 2022.
We examined 60 corruption intelligence files. Over a third of the ACU’s counter‑corruption intelligence came from line managers and colleagues. Nine of these were reported through one of the confidential reporting lines. We saw intelligence received from other forces and the National Crime Agency. We didn’t see any cases of proactive intelligence collection.
Police corruption categorisation
The force correctly categorises intelligence in line with the counter-corruption APP.
Partnership working to identify potential corruption
The force has developed working relationships with agencies and organisations who support vulnerable people, for example partners in the multi-agency safeguarding hub.
The force has planned a programme of engagement events with external organisations. The most recent of these 4 weeks before our inspection was attended by over 100 people. The force adapted its internal training material on maintaining professional boundaries for the external audience. The ACU has already received one referral from an external agency because of this training.
At the time of our inspection, the force had recruited a prevention officer to further support anti-corruption work. However, due to other demands, they weren’t able to dedicate all their time to the role. The force recently told us the officer is now dedicated solely to prevention work.
Identifying corruption threats
Counter-corruption strategic threat assessment
The force doesn’t have a local counter-corruption STA. The ACU instead uses the regional STA. The two main risks for Staffordshire Police are sexual misconduct and inappropriate associations.
The ACU shares an edited version of the regional STA with managers, but not the wider workforce. However, the ACU uses poster campaigns to publicise the force’s corruption threats.
Counter-corruption control strategy
The force has a counter-corruption control strategy based on the 4P-approach (pursue, prepare, protect and prevent). But the measures in place to identify the identified corruption threats vary in detail. The strategy would be improved if there was a consistent level of detail recorded for each threat.
Implementation plan
Both corruption threats identified in the control strategy are considered in the force’s implementation plan. This is also structured using the 4P-approach. There is a designated person responsible for each task. But the tasks don’t all have timescales for completion. The ACU detective inspector chairs a monthly meeting to review progress.
Managing corruption threats
Intelligence development
We reviewed 60 corruption intelligence case files. In 46 cases the ACU responded effectively.
In three cases the ACU had completed very thorough and complex investigations, using covert tactics effectively. One of these cases was so complex that the ACU used the Home Office large major enquiry system (HOLMES) system to manage the investigation.
There were 14 cases with missed opportunities. Of these, 11 were missed opportunities in the development of the intelligence. We identified a further three cases where the ACU investigator should have done more.
Identification of those who pose a corruption risk
The force has an established meeting chaired by the deputy chief constable at which senior managers from PSD, ACU, HR, FVU and corporate communications share information about members of the workforce to identify any corruption risks.
The ACU has combined various corruption risk categories into a single register. The force uses this to monitor those who potentially pose a corruption risk. The matrix categorises each individual case as low, moderate, or high risk. ACU staff create investigation plans for those assessed as high and medium risk. We examined the register and found it is well maintained.
Capacity and capability to investigate corruption
The ACU has recruited five additional members of staff. The staff have a wide range of backgrounds to support their investigations. They have the required skills and understanding of the tactics available to undertake counter-corruption investigations.
The force told us there were four detectives; four investigative support officers; two analysts; and an exhibit/disclosure officer. Most staff within the ACU have completed the College of Policing’s recognised counter-corruption course.
It isn’t clear if the force will have sufficient resources to manage the demand when its IT monitoring capability is fully functional. Senior officers in the ACU are aware of this and told us they intend to monitor the workload.
Specialist resources
The ACU can access specialist resources when required. The National Crime Agency and regional organised crime unit have provided staff for covert investigations. During our file review we saw specialist officers from another force were deployed to covertly investigate a corruption case.
Policies designed to prevent corruption
Clear and concise corruption prevention policies help to guard against corrupt activity, but can’t guarantee to prevent corruption, or in themselves stop corrupt practice. They provide guidance on how police officers and staff should behave. They should clearly state what is expected of members of the workforce and what actions they should take to protect themselves and the organisation from corruption.
The counter-corruption (prevention) APP sets out what policies forces should have and gives guidance on their content. Our inspectors examine their policies in these areas:
- Notifiable associations: policies should cover how the force should manage the risks related to officers and staff who may associate with, for example, criminals, private investigators, or members of extremist groups. They should require the disclosure by officers and staff of such associations.
- Business interests: policies should state when the force should allow or deny officers and staff the opportunity to hold other jobs. They should explain how the force will manage the risks that arise when officers and staff are allowed to hold them.
- Gifts and hospitality: policies should cover the circumstances in which police officers and staff should accept or reject offers of gifts and/or hospitality.
In Staffordshire Police, the policy and register for notifiable associations are managed by the FVU. The process is not being managed effectively. There is a particularly large number of reports that haven’t been researched or audited. The force is using untrained vetting staff to conduct basic audits, rather than trained corruption investigators using specialised IT monitoring. This means some corruption risks could be missed.
HR is responsible for the policy covering business interests. Applications to have a business interest are considered by the head of PSD. The register isn’t accessible to PSD or ACU. The force hasn’t carried out performance reviews since 2018. This means line managers may not be aware if their staff have a business interest.
The process for renewing a business interest approval has been changed without updating the policy. Volunteer roles aren’t included in the policy, but we found evidence of people declaring them.
The force told us that as of December 2022, there were 521 approved business interests. The head of PSD had placed conditions on 38 of these.
In the previous year, four applications for business interest approval were refused. Currently, the force doesn’t check the conditions it has applied to business interest approval or those it has refused. This means the force can’t be confident that everyone is complying with business interest decisions.
The ACU is responsible for managing the gifts and hospitality policy and register. The policy is dated October 2017 and is overdue a review. The register is contained on the Lotus Notes application. Some members of the workforce can’t access Lotus Notes, however all supervisors can. The number of entries on the register is extremely low, with just 10 entries between 1 January 2020 and December 2022. Of these, four entries were made by one department.
Generally, we found members of the workforce had a good understanding of these counter-corruption policies. But some lacked a clear understanding of what type of relationship would constitute a notifiable association. The workforce lacked a clear understanding of their responsibility to declare lower value gifts.
Sexual misconduct
The force recognises abuse of position for a sexual purpose (AoPSP) as serious corruption. We found the ACU records such cases correctly and it consistently refers them to the Independent Office for Police Conduct.
The PSD and ACU provide training to all officers and staff, including new recruits and those on promotion courses. This is supplemented with poster campaigns and messages on TV screens across the force. We found a good knowledge of AoPSP across the workforce.
We found one case where the ACU had developed corruption intelligence that led to a PSD investigation. However, the AoPSP element of the intelligence was overlooked.
In one case we reviewed there were instances of sexual misconduct intelligence which the ACU didn’t develop beyond the scope of the initial allegation. In each instance, the alleged behaviour was directed at colleagues within the workplace. The force didn’t consider the wider risk to the public.
Area for improvement
The force should improve how it collects, assesses, develops and investigates counter-corruption intelligence by ensuring that:
- it produces a comprehensive annual counter-corruption strategic threat assessment, control strategy and implementation plan with accountable action owners, and uses them to identify and manage corruption threats effectively;
- it carries out proactive intelligence collection and accurately assesses all corruption-related intelligence; and
- it has current policies relating to notifiable associations, business interests and gifts/hospitality and implements them effectively to identify and manage corruption threats.