A report into the effectiveness of vetting and counter-corruption arrangements in Warwickshire Police
Contents
Print this document
About us
His Majesty’s Inspectorate of Constabulary and Fire & Rescue Services (HMICFRS) independently assesses the effectiveness and efficiency of police forces and fire and rescue services, in the public interest. In preparing our reports, we ask the questions the public would ask and publish the answers in an accessible form. We use our expertise to interpret the evidence and make recommendations for improvement.
1. Introduction
In September 2021, we changed the way we report on how effectively forces manage vetting and counter-corruption.
Previously, we inspected these areas as part of our police effectiveness, efficiency and legitimacy (PEEL) programme and provided our findings in the inspection report.
The new arrangements mean we will inspect each force separately to PEEL, although we will continue to use the same methods and produce a report containing our findings, graded judgments and any areas for improvement or causes of concern.
Warwickshire Police is adequate at vetting, IT monitoring and counter-corruption.
In April 2023, we inspected Warwickshire Police to examine the effectiveness of the force’s vetting, IT monitoring and counter-corruption arrangements. We briefed senior personnel in the force at the end of the inspection. It should be noted that we didn’t gather evidence during our inspection in relation to the wider culture of the workforce. We didn’t assess the overall leadership of the executive team and senior managers in setting expectations and standards across the organisation.
This report sets out our findings. It includes areas for improvement identified at the time of the inspection, which we recognise the force may have already addressed.
2. How effectively does the force vet its officers and staff?
Vetting authorised professional practice
In 2021, the College of Policing published the authorised professional practice (APP) on vetting. The APP explains the role of vetting in assessing the suitability of people to serve in the police service, as a police officer, special constable or member of staff. It sets out the minimum standards that should be applied for each clearance level. It also lists the minimum vetting checks that should be undertaken on the applicant, their family and associates. The APP has a large section providing guidance on assessing threat and risk in relation to vetting decisions.
The vetting APP applies to the police forces maintained for the police areas of England and Wales as defined in section 1 of the Police Act 1996.
Warwickshire Police’s national role in vetting
The chief constable of Warwickshire Police is the National Police Chiefs’ Council lead for vetting. On behalf of the National Police Chiefs’ Council, the force provides the police national vetting service (PNVS). The force vetting unit (FVU) carries out vetting enquiries and makes vetting decisions for non-police personnel, such as contractors who operate in multiple forces across the UK. This service is also available to forces allowing them to commission Warwickshire Police to manage their local non-police personnel vetting (NPPV) arrangements. Due to its national responsibilities, Warwickshire Police’s FVU is far larger than FVUs in similar-sized forces. It has 6 vetting supervisors and 55 vetting case officers.
In March 2021, the force successfully applied for accreditation from the International Organization for Standardization for the management of its vetting arrangements.
Force vetting IT system
Warwickshire Police has been using an established vetting IT system for about 15 years. The IT supplier often uses the force to test new versions of its software. The IT system doesn’t link with the force’s HR system. To overcome this, HR sends individual email updates to the FVU to notify it of any internal moves, promotions and people leaving the force.
Current vetting of the workforce
Warwickshire Police told us that as of April 2023, it had a total of 1,985 police officers, special constables, police staff and police community support officers.
The force told us there were just two people in post without the correct level of vetting for their roles because it had expired. Both people were on long-term sickness absence. The force has a process in place to make sure their vetting is renewed as soon as they return to work.
The vetting IT system alerts the FVU 99 days before renewals are due, prompting the unit to send out application documents. The force has reduced the renewal periods for recruitment vetting from ten to nine years, with reviews at the three and six-year stages. This is a shorter renewal period than the vetting APP requires.
Demand and workload
The force has enough staff in the FVU to cope with current demand. The FVU has comprehensive processes in place to predict future demand, including that related to the PNVS. The force vetting supervisor maintains a plan of predicted recruitment dates for various roles one year in advance. This includes the expected number of officers joining through the Police Uplift Programme. The FVU considers this information alongside data on future renewals. It brings some renewals forward to keep a more balanced workload throughout the year. The FVU also consults with departments that are planning larger intakes to make sure the vetting process is completed in manageable stages.
There are several vetting case officers working on the PNVS. The force vetting manager uses them to assist with force vetting at times of peak demand.
The force grants NPPV clearance to contractors, volunteers and people who work for organisations that share police premises. Warwickshire Police’s vetting IT system contains over 54,000 current NPPV records. The majority of these relate to the PNVS. The force told us it has records of all vetting expiry dates mapped out for the next seven years. The FVU has a robust process where vetting clearance is immediately cancelled if the contracting company doesn’t submit an NPPV renewal application. For Warwickshire Police officers, staff and local contractors, there is also a process in place to immediately deactivate people’s building and IT access.
Designated posts
Some police roles have access to more sensitive information and require a higher level of vetting known as management vetting (MV). The extent to which the role requires working with vulnerable people is also a factor for forces to consider when deciding if a role requires MV. The vetting APP states that forces should keep a record of all MV roles on a designated posts list.
Warwickshire Police manages its MV processes effectively. It maintains a designated posts list. The FVU was confident that it had identified every role that requires MV. The FVU recently reviewed the list as part of a force change programme and compared it with data held on the vetting IT system. This gave the FVU a clear understanding of who occupies all its designated posts and their level of vetting.
The force told us that as of April 2023, the FVU had a list of 849 police personnel with current MV clearance (445 officers and 404 police staff). None of its designated post holders had expired MV.
Generally, the force doesn’t post people into MV roles without the required clearance. HR shares information with the FVU to track any moves or promotions into designated posts. The FVU is consulted if new roles are created that may need to be added to the designated posts list. The FVU told us that it would only rarely move people into MV posts without MV clearance.
Where MV is completed, the FVU carries out all the required minimum checks.
Transferees
The vetting APP allows forces to accept vetting clearance from another force if it is no more than one year old. But many forces choose to vet officers and staff new to their organisation, even if they are transferring from another force with a current vetting clearance.
Warwickshire Police has chosen to vet all transferees and those who have left the service and applied to rejoin. The FVU requests a professional standards department (PSD) complaint and conduct history as well as any anti-corruption unit (ACU) intelligence from all forces in which the transferee has previously served.
Change of circumstances
The force has taken steps to improve the workforce’s awareness in that they must report any changes in personal circumstances, for example, marital status, name changes or significant changes to personal finances.
Warwickshire Police’s PSD gives new recruits guidance about reporting changes. The force also provides advice on its intranet about changes in circumstances. The PSD has produced a booklet, which includes a section on vetting.
In 2022, the force introduced an integrity health check questionnaire. It specifically asks staff about any changes in their personal circumstances. At the time of our inspection, the force told us that every member of the workforce had completed this questionnaire.
The workforce understands when to report changes in circumstances, but we found some people who believed it was enough to only report changes to the HR department, meaning the FVU may not always be aware of them.
When it receives a notification, the FVU conducts relevant vetting checks to identify risks and to decide if the person’s vetting status is affected.
The PSD informs the FVU of all misconduct meeting or hearing outcomes. The FVU complies with the APP requirement to review a person’s vetting status if misconduct proceedings result in reduction in rank, written warning or final written warning. The force showed us an example of a very detailed review where an officer was reduced in rank but retained vetting clearance with some mitigation measures put in place.
Vetting decisions
Vetting case officers in the FVU conduct all relevant checks. They make the vetting decision and record the supporting rationale. In more complex cases, the case officers consult with the vetting supervisor, who sometimes makes the final decision and records their rationale. We found a small number of cases where the head of vetting or the head of the PSD made the vetting decision.
The FVU regularly conducts interviews to clarify written responses in vetting applications. The FVU only supplies copies of the interview notes to the applicant if specifically requested.
Risk mitigation measures
The force sometimes uses risk mitigation measures to support its vetting decisions. This includes restrictions on where people can be posted, checking their use of the force’s IT systems and regular reviews of applicants’ management of their finances.
The FVU, ACU and HR sometimes work closely when considering the use of risk mitigation measures. But in one case, we found that an officer had been posted to a location that had previously been identified as unsuitable. The force acknowledges it doesn’t have a consistent process to oversee the risk mitigation measures it has put in place to help manage potential risks.
The force produces a counter-corruption strategic threat assessment (STA) annually, which outlines the current threats it faces. There is no established process for the ACU to share the STA with the FVU. We encourage the force to make sure vetting decision-makers are fully aware of the current corruption threats.
Appeals and quality assurance
The deputy chief constable handles vetting appeals, and appeal panel members provide advice to them. The force told us the panel includes:
- the head of the PSD;
- the chair of the force’s strategic independent advisory group; and
- the joint chair of the force’s ethnic minority staff network.
The ethnic minority staff network joint chair also works in the HR department. While their role on the panel isn’t in an HR capacity, this could still create a potential conflict of interest.
The deputy chief constable makes the final appeal decision and, in conjunction with the vetting supervisor, records a rationale in each case.
A similar appeals process is in place for NPPV decisions made as part of the PNVS. In this case, the head of the PSD handles the appeal and records the rationale for their decision.
The force currently has limited measures in place to quality assure vetting decisions where the process has revealed adverse information about the applicant or their family and friends. The force has recently extended the role of the training officers in the FVU to carry out this quality assurance.
Disproportionality
The APP states there is a risk that vetting has a disproportionate impact on under‑represented groups. Furthermore, it requires forces to monitor vetting applications, at all levels, against protected characteristics. This is to understand whether there is any disproportionate impact on particular groups. Where disproportionality is identified, forces must take positive steps to address this.
Warwickshire Police’s FVU records the results of all applications from people who declare a protected characteristic. The force monitors rejection rates across a wide range of protected characteristics. It uses analytical tools to assess the data. At the time of our inspection, the force was still developing its analysis of disproportionality for rejected cases. We would encourage the force to continue to develop this analytical work to fully understand the reasons for any disproportionality in vetting decisions.
Vetting file review
We reviewed 40 vetting clearance decisions from the preceding 3 years with a vetting specialist from another force. These files related to police officers and staff who had previously committed criminal offences or those that the force had other concerns about. The case file review included transferee and recruitment vetting decisions.
We agreed with most of the force’s decisions. But we disagreed with seven of them. We found cases, mostly appeal decisions, where the recorded rationale didn’t have enough detail. We weren’t convinced that the force had sufficiently considered all the identified risk factors.
Two of these appeal decisions were made after the publication of our thematic report An inspection of vetting, misconduct, and misogyny in the police service. In that report, we recommended that all vetting decisions (refusals, clearances and appeals) should be supported with a sufficiently detailed written rationale.
Vetting decision-makers, including those handling appeals, should make more specific reference to the vetting APP and the national decision model. This would help them to account for all identified risks and any potential mitigations.
Area for improvement
The force should improve its vetting arrangements to make sure that:
- when concerning adverse information has been identified during the vetting process, all vetting decisions (refusals, clearances and appeals) are supported with sufficiently detailed written rationale; and
- when granting vetting clearance to applicants with concerning adverse information, the force vetting unit creates and implements effective risk mitigation strategies, with clearly defined responsibilities and robust oversight.
3. How effectively does the force protect the information and data it holds?
Lawful business and IT monitoring capability
When we inspected Warwickshire Police in 2018/19, we identified the lack of IT monitoring as an area for improvement.
The force is in the process of purchasing IT monitoring software. At the time of our inspection, the force told us this had been delayed, but it expected the software to be installed imminently. The force is still unable to monitor the workforce’s use of its IT systems.
The force can audit the main IT systems but, in some cases, the ACU has to work with other departments to do so. This means its investigations are at risk of compromise.
We examined 60 corruption intelligence files. We found effective use of reactive auditing in most cases. But the absence of an IT monitoring capability restricts the scope of some investigations.
Generally, the ACU has sufficient resources to meet current reactive demand. But the force acknowledges it will need more staff when it introduces its IT monitoring.
The IT department doesn’t consult with the PSD or ACU when procuring new IT systems. This means they may not include suitable auditing functions or other measures designed to prevent and detect misuse. We urge the force to make sure future IT procurements are developed in consultation with the ACU.
IT monitoring policy
The force has a lawful business monitoring policy for monitoring and recording staff communications. The policy is available on the force intranet, but it has limited detail. The policy doesn’t mention corruption. We urge the force to review the policy.
Digital device management
The force can attribute all mobile phones and tablets issued to people across the workforce. The IT department is updated when a mobile device is returned and reallocated. When the force introduces new IT monitoring software, it should allow monitoring of mobile devices.
Information security – encrypted applications
The force has a comprehensive social media policy. It has shared it across the workforce. It provides guidance on the use of social media that includes the risks associated with its misuse. The force allows reasonable personal use of work‑issued mobile phones. The policy reminds staff that they should have no expectation of privacy.
Encrypted applications aren’t permitted on force devices without authorisation. The authorisation procedure doesn’t involve the ACU or PSD. The ACU doesn’t know who the authorised users are, which it should. The force should reassure itself that it fully understands the risks of having encrypted apps on its devices and takes steps to mitigate these risks.
Area for improvement
The force should make sure it introduces IT monitoring so that it can monitor all use of its IT systems to support counter-corruption investigations and proactively gather intelligence.
4. How well does the force tackle potential corruption?
Intelligence
Sources of corruption-related intelligence
The force has Crimestoppers two-way reporting as its confidential reporting system. Between 1 January 2020 and 31 December 2022, the force’s confidential reporting line received 127 reports:
- 20 reports in 2020;
- 64 reports in 2021; and
- 43 reports in 2022.
We examined 60 corruption intelligence files and found that the confidential reporting line was an effective intelligence source. We also saw intelligence reported by colleagues, the public, the National Crime Agency and line managers.
We found four cases identified by proactive intelligence collection.
Warwickshire Police has introduced Operation Amethyst, which is an awareness‑raising campaign focused on addressing both inappropriate and unacceptable behaviour within the force. As part of this, several people across the force have been given specific training so that members of the workforce and external agencies can report misconduct to them in confidence.
Police corruption categorisation
The force correctly categorises intelligence in line with the counter-corruption APP.
But during our file review, we found examples of sexual misconduct records being duplicated. This was to make sure people were included on the force’s newly introduced sexual misconduct matrix. We would urge the force to review this process, as it is producing misleading data. This can affect the accuracy of local, regional and national counter-corruption STAs.
Partnership working to identify potential corruption
The force has developed working relationships with agencies and organisations that support vulnerable people, to help identify potential abuse of position for a sexual purpose (AoPSP).
The force held a face-to-face event with a variety of agencies and organisations. It was followed up with another event six months later. There was also a recent event specifically for agencies working with victims of domestic abuse.
Identifying corruption threats
Counter-corruption STA
The force has a current counter-corruption STA. It identifies the three main corruption risks facing the force and highlights emerging threats.
The strategic priorities are published on the force’s intranet. But, as we stated earlier, the FVU isn’t specifically briefed on the threats and risks contained in the STA.
Counter-corruption control strategy
The force has a counter-corruption control strategy based on the national intelligence model’s prevention, intelligence, engagement and enforcement format. It clearly sets out the force’s approach to counter the priorities identified in the STA.
Implementation plan
The ACU doesn’t have a plan to introduce measures to address the threats identified in the STA. Without this, there is no clear understanding of who is responsible for addressing the risks identified or the timescales outlined for when the work needs to be completed.
Managing corruption threats
Intelligence development
We reviewed 60 corruption intelligence case files. In most cases, the ACU responded effectively with good supervisory oversight.
Mostly, we found the investigations to be thorough. But we found 13 cases where the ACU had missed opportunities to develop the intelligence further and mitigate corruption risks.
We found four cases where intelligence resulted from proactive checking of high use of work phones and email keyword searches.
Identification of those who pose a corruption risk
The PSD meets monthly with local commanders. But the force doesn’t have an established people intelligence meeting attended by senior managers from local policing areas, HR, finance, legal services and training.
The force has recently created a risk matrix to monitor staff who have been identified as posing a risk of AoPSP. The ACU categorises each person as low, medium or high risk. People on the matrix are subject to regular checks.
Capacity and capability to investigate corruption
The ACU is a small team comprising a detective sergeant, three well-trained experienced detectives, an analyst and an intelligence assistant. The analyst post is shared with the PSD, and the split is 80:20 in favour of the PSD. This means there is little time for the analyst to support ACU investigations.
There is no dedicated detective chief inspector or detective inspector for the ACU, as both posts are shared with the PSD. This means they are only able to provide limited leadership and investigatory oversight to the ACU.
Due to the workload and lack of IT monitoring capability, there is limited opportunity for the ACU to gather corruption-related intelligence proactively.
Specialist resources
ACU senior managers are experienced detectives with good operational knowledge of covert tactics. The force told us that access to covert resources could be requested from the regional organised crime unit.
We didn’t identify any missed opportunities to use covert tactics in support of corruption investigations.
Policies designed to prevent corruption
Clear and concise corruption prevention policies help to guard against corrupt activity but can’t guarantee to prevent corruption or, in themselves, stop corrupt practice. They provide guidance on how police officers and staff should behave. They should clearly state what is expected of members of the workforce and what actions they should take to protect themselves and the organisation from corruption.
The counter-corruption (prevention) APP sets out what policies forces should have and gives guidance on their content. We examined the force’s policies in these areas:
- Notifiable associations: policies should cover how the force should manage the risks related to officers and staff who may associate with, for example, criminals, private investigators or members of extremist groups. They should require the disclosure by officers and staff of such associations.
- Business interests: policies should state when the force should allow or deny officers and staff the opportunity to hold other jobs. They should explain how the force will manage the risks that arise when officers and staff are allowed to hold them.
- Gifts and hospitality: policies should cover the circumstances in which police officers and staff should accept or reject offers of gifts or hospitality.
The force’s policies reflect APP guidance. But we did see some areas where they could be improved.
The ACU records individual notifiable associations on its intelligence system. Staff categorise each case as low, medium or high risk. However, there is no central register listing all the force’s recorded notifiable associations. In addition, the ACU doesn’t have enough staff to routinely check compliance with any conditions that are attached to notifiable associations.
The ACU is responsible for the management of business interests and records them on a register. Members of the workforce submit business interests through an online form, and these are endorsed by line managers. The force has approved 311 business interests. Since 1 January 2022, it has refused nine business interests.
The force’s business interest policy doesn’t include all the activities we would expect. For example, volunteer work isn’t considered a business interest. It should be. We urge the force to address this.
All approved business interests that we reviewed had conditions attached. Most conditions were generic and could have been included in the policy. This would allow business interests with specific conditions to be more easily monitored. We suggest the force changes its policy to allow this. There was no evidence that the force checks compliance with business interest conditions.
The force requires officers and staff to report any gifts or hospitality they are offered. The ACU maintains a gifts and hospitality register. There are numerous entries, many with detailed information about the gift or hospitality and an explanation of the circumstances in which it was received. The policy allows acceptance of gifts under £20 in value but states all gifts need to be declared to the head of the PSD.
The head of the PSD decides whether a gift can be accepted. If a gift isn’t approved for acceptance, the line manager is responsible for making sure the team member disposes of the gift appropriately. There is no procedure to confirm whether this takes place.
We found the workforce had good knowledge of these policies.
Sexual misconduct
The force recognises AoPSP as serious corruption and refers cases to the Independent Office for Police Conduct.
When the force has an AoPSP case, the ACU speaks to other vulnerable people the person has been in contact with to assess their behaviour. However, the ACU doesn’t routinely widen the scope of the investigation to identify any additional inappropriate behaviour by the person in the workplace.
The force has delivered training on AoPSP for the entire workforce. The College of Policing training is mandatory for all staff. Training is also given to new recruits and new supervisors. The force recognises there is more to do to train existing supervisors. The force supports this training with poster campaigns and intranet articles publishing the outcomes of gross misconduct hearings.
We found a good knowledge of AoPSP across the workforce.
Area for improvement
The force should improve how it collects, assesses, develops and investigates counter-corruption intelligence by making sure that:
- its annual counter-corruption strategic threat assessment and control strategy have an implementation plan with accountable action owners and that the force uses these processes to identify and manage corruption threats effectively;
- its counter-corruption unit has sufficient resources and suitably trained staff to meet demand and allow for proactive intelligence collection; and
- it carries out effective assessment and development of intelligence, including routine widening of enquiries into internal improper behaviour and checking of compliance when specific conditions are attached to notifiable associations and business interests.