Post office governance

The Post Office Horizon Scandal – lessons for directors

Karl West explores this long-running scandal, which is not only a monumental miscarriage of justice but also a wakeup call for directors in their oversight of technology.


A case like the Post Office Horizon IT scandal, which spans more than two decades and has been described as “the most widespread miscarriage of justice in UK history”, is complex and involves many different players.

And yet, when it is stripped back to its foundations, it is a case that is built on a failure of governance by successive boards of Post Office Limited (POL).

Initially, it was a lack of interrogation of the information, misplaced trust in a shiny new IT accounting system and the onerous penalties dished out to those subpostmasters who were flagged by the system. POL’s position became entrenched and soon snowballed until it was too late to admit that, maybe, it got it wrong – even in the face of mounting evidence that the IT system was full of bugs and errors.

Instead of slamming on the brakes, POL and its board doubled down, which led to further flouting of good governance principles. This included covering up and destroying evidence, racial profiling of those it was seeking blame and then rewarding senior executives with large bonuses for complying with the statutory Inquiry into their own organisation’s bad behaviour.

In this blog we will take a look at the background, highlight some of the more glaring governance failures and outline some of the preliminary lessons that directors can learn from the scandal.


In 1999, POL began to automate previously manual accounting with the introduction of the Horizon IT system, which was developed by Fujitsu.

Soon after, subpostmasters and other staff at Post Office branches began to experience unexplained financial losses. POL blamed the subpostmasters, accusing them of theft and false accounting, which led to more than 700 Post Office branch managers being handed criminal convictions between 2000 and 2014. Many more had to pay back the unexplained losses.

A 2009 investigation by Computer Weekly magazine highlighted the emerging scandal.

In December 2019, the High Court ruled that Horizon contained a number of “bugs, errors and defects” and there was a “material risk” that shortfalls in Post Office branch accounts were caused by the system.

Justice Fraser, the High Court judge, said that POL’s approach to some of the evidence in the trial “. . . demonstrates a simple institutional obstinacy or refusal to consider any possible alternatives to their view of Horizon, which was maintained regardless of the weight of factual evidence to the contrary … It amounts to the 21st century equivalent of maintaining that the earth is flat.”

In April 2021, 39 former subpostmasters had their convictions quashed at the Court of Appeal, in a case that built on the 2019 High Court judgements. The court concluded that POL should not have prosecuted them in the first place and found its conduct “an affront to the conscience of the court”.

It is worth remembering that at least 60 subpostmasters have died without seeing justice or compensation, and at least four took their own lives, since the start of the scandal. Many more have been made bankrupt, seen marriages destroyed and lost friends and family.

The Post Office Horizon IT Inquiry

The Inquiry was established in non-statutory form on 29th September 2020. It was converted to a statutory inquiry on 1st June 2021.

It is led by retired high court judge, Sir Wyn Williams, who is tasked with ensuring there is a public summary of the failings which occurred with the Horizon IT system.

The Inquiry will also consider whether POL has learned the lessons and embedded the cultural change necessary from the findings in Justice Fraser’s judgments and the impact on affected postmasters.

Phase 4 of the Inquiry is currently being heard at Aldwych House, London. It is expected to wrap up and produce ‘recommendations for the future’ in mid-2024.


Companies House records show POL had a total of more than 80 directors between 2000 and 2023. Many of these were high profile businessmen and women who work at large listed companies and would have had, in theory at least, a very good grasp of the latest governance principles.

So, it is troubling to see so many failures of corporate governance and it begs the question, why did none of those more than 80 directors probe or challenge the institution’s narrative on Horizon, even in the face of overwhelming evidence to the contrary?

Under section 172 of the Companies Act 2006, company directors have a legal “duty to promote the success of the company”. Additionally, the UK Corporate Governance Code (UKCGC) 2018 notes that “All directors must act with integrity, lead by example and promote the desired culture.”

POL is not a London-listed company. Its sole shareholder is the UK Government, which has a non-executive director (NED) seat on the POL board and sits on its audit and risk committee and the remuneration committee.

The former Department of Business, Energy and Industrial Strategy (BEIS) defined the purpose of its representative on the POL board in a submission to the Select Committee Enquiry 2020 as: “The NED’s role is to challenge management, including the CEO, on financial and operating issues and the strategy to execute the company’s objectives. The Shareholder representative liaises with the BEIS Partnerships Team on governance matters.”

So, even though POL is not listed, its shareholder (Government) had a clearly stated view that good standards of corporate governance are of the utmost importance.

Nicholas Gould at Aria Grace Law said in his submission to the Horizon IT Inquiry: “I suggest the failure of the board of directors of POL around the matters described, has become embedded in the culture of the company. Did these failures start 10 years ago, 20 years ago, or earlier? Tracy Felstead was wrongly convicted and wrongly jailed as a teenager in 2002…Corporate governance and the duties of directors, or an inability to comply with them, wrecked lives and worse.”

Lack of disclosure

During the 2021 Court of Appeal hearing it emerged that POL had agreed to set up a central disclosure hub, which would allow the Post Office to share any problems with Horizon to the prosecutors, who were busy taking subpostmasters to court.

Bosses set up weekly meetings to discuss progress but after the third meeting an order was made to destroy evidence of them, the court heard.

POL’s legal adviser wrote: “An instruction was then given that those emails and minutes should be, and have been, destroyed. The word ‘shredded’ was conveyed to me. Handwritten minutes were not to be typed and should be forwarded to the Post Office’s head of security [John Scott].”

He said he was told that “if it’s not minuted, it’s not in the public domain and therefore not disclosable” and that “if it’s produced it’s available for disclosure”.

Scott, a former police officer, said he did not recall giving his staff the instruction to delete or shred documents.

He also told the court that by telling staff to keep handwritten notes he was following orders from his line manager, Susan Crichton, former general counsel at the Post Office, in order to reduce the risk of the documents being widely circulated or disclosed publicly.

The court heard that Crichton wrote an email to Scott to say she had received “very worrying feedback” that meetings were “not being chaired, the participants are unclear as to its purpose and no minutes are being kept”.

Scott replied the following day to say he had been briefed by her to keep the meetings “under the radar” and that she “did not want any electronic communication which may be subject to [a Freedom of Information request] or disclosure”.

The lawyer acting for subpostmasters told the court: “What we have is a disclosure system set up and we see the Post Office reaction to it is one of dishonesty and destruction and shredding of documents, and you cannot see this any other way.”

Gould at Aria Grace Law said in his submission to the Horizon Inquiry: “A cover up of key facts and key information, which knowingly left people as convicted criminals for years, hardly sit well with concepts of corporate governance. Such behaviour should form no part of the duties of directors, individually, or as a board.”

Racial Profiling

In May 2023, a Freedom of Information request by campaigner, Eleanor Shaikh, unearthed a Post Office document that used offensive and racist terms to categorise subpostmasters under investigation. The document had not been given to the Horizon Inquiry, despite its obvious importance.

The document, which was published between 2008 and 2011, included the term “negroid types”, along with “Chinese/Japanese types” and “dark skinned European types”.

The guidance required POL investigators to give sub-postmasters under suspicion a number, according to their racial background.

Gould at Aria Grace Law said: “Either the board knew over those years the profiling was in place, in which case why was it allowed to continue, or it didn’t know, in which case why not?

“POL has never explained the purpose of these racial categorisations, or what the profiling was used for.”


Those who oppose the progress made with rolling out higher standards of boardroom conduct might argue that the past actions, or inaction, of the POL board are being judged by today’s standards.

But such a view is less credible when we consider the evidence of POL’s continuing governance mis-steps – particularly the recent ‘Bonusgate’ controversy.

In 2023, it emerged that about £1.6m in bonus payments had been made to POL executives. The Horizon Inquiry was one of four “metrics” on which bonus payments were awarded, with each accounting for 25%.

The Post Office admitted it had made mistakes in its handling of the process and 33 employees voluntarily handed back a total of £64,252 in bonuses awarded in relation to a specific sub-metric linked to cooperating with the Inquiry.

In August 2023, Nick Read, chief executive of POL, said he would return all of his bonus payment for work related to the Horizon Inquiry.

Read was paid a total bonus of £455,000 last year, including £54,400 for his part in cooperating with the Horizon Inquiry.

In May, he agreed to pay some of that back – £13,600. But, under increasing pressure from campaigners, politicians and the head of the Inquiry, he agreed to return the remaining £40,800.

Sir Wyn Williams rebuked POL and questioned the awarding of the bonus before the Inquiry had yet concluded.

Darren Jones, the Labour chair of the Business and Trade Select Committee, said: “The Post Office is still failing to recognise that the entire bonus scheme as it related to the statutory inquiry was wrong.”

“Following my repeated requests, I’m pleased that the CEO of the Post Office has decided to return all of the bonus payments he received in respect of the statutory inquiry into the Post Office-Horizon scandal.”

“The Post Office’s engagement with a statutory public inquiry should never have needed bonus incentives for senior executives to do their day job, for which they are already paid.”

Jones called for 100% of the bonus payments to be returned by all senior executives, and asked them “to apologise for the morally bankrupt bonus scheme having ever existed in the first place”.

Gould at Aria Grace Law noted in his recent submission to the Horizon Inquiry that this was “a clear example of a continuing failure of governance”.

Disclosure Difficulties

Another recent governance issue has seen Sir Wynn Williams threaten POL with criminal sanctions over late disclosure of information to his Inquiry.

In July, the Post Office’s late filing of more than 4,000 documents the evening before Gareth Jenkins, a former IT chief at Fujitsu, was due to give evidence to the inquiry, led to the proceedings being adjourned for a few weeks.

Williams said that requests for evidence from POL would be mandated by law, with a maximum penalty of 51 weeks’ imprisonment for non-compliance. The decision highlighted the inquiry chair’s frustration over POL’s handling of the scandal.

Williams called POL’s disclosure failure “grossly unsatisfactory” and said that action was needed to “guard against the possibility” that some representatives were “unwilling or unable to comply strictly with requests”.


What started as a ‘teething issue’ – a glitch in a new IT system – was allowed to snowball until it consumed the lives of hundreds of POL subpostmasters and staff, and severely damaged the reputation of the organisation.

Aside from the obvious human costs, the financial impact of the scandal is huge. A new government compensation scheme was opened in March for claims to replace the old one, after criticism that some victims had been forced to use their settlements to cover their legal costs.

POL has paid out around £100m in compensation under previous schemes and it is still unclear how many people are eligible for further payments. The government has set aside an eye watering £1bn in total compensation.

There are a great many lessons directors can take from the debacle – particularly as businesses enter the age of artificial intelligence, with all the promise and potential pitfalls that presents.

When looking back over the long history of this scandal, an obvious question arises. Where was the board? Why did it not prevent the management team from continuing to dig a hole for the organisation? Why did it not insist that the underlying issues were dealt with in an effective and transparent way?

An insight into the attitude of the management and the board is perhaps provided by the statement that Paula Vennells, CEO of POL between 2012 and 2019, submitted to the chair of the Business, Energy and Industrial Strategy Select Committee in June 2020:

“The message that the Board and I were consistently given by Fujitsu, from the highest levels of the company, was that while, like any IT system, Horizon was not perfect and had a limited life-span, it was fundamentally sound. I believed that it was reasonable for the Board to rely on these assurances: Fujitsu was a respected global IT company, it had many other governmental and high-profile customers, and from my experience of working with Fujitsu it appeared to be well-led and professional.”

Fundamentally, it would appear that the board lacked the ability to exercise informed, independent judgement over the functioning of their key IT system. In the absence of that capability, and impressed by the technical sophistication of Fujitsu, it chose to place faith in the competence of their IT provider rather than a gathering body of contradictory evidence. When combined with a defensive mindset that eschewed transparency, the consequences were catastrophic.

Going forward, a lack of technical literacy will continue to place many boards in an acutely vulnerable position. As we look ahead to the brave new world of AI, it is worth reflecting that the Horizon IT scandal is a textbook example of how the weak governance of technology can pose existential risks for an organisation, especially if it takes place in an environment in which board members are either unwilling or unable to do not grasp the full implications of their legal duty to promote the best interests of the company.

About the author

image of Karl West

Karl West

Freelance journalist, podcaster and media adviser. Senior Consultant at The Institute of Directors.

Karl has more than 25 years of experience in the media sector, including several years at The Sunday Times and Daily Mail, where he wrote about business – mainly transport, defence and UK manufacturing industries.

He has a podcast – The All Points West Podcast – that interviews the founders, CEOs and Chairs of small and medium sized UK companies.

Better directors for a better world

The IoD supports directors and business leaders across the UK and beyond to learn, network and build successful, responsible businesses.

Enhancing transparency and accountability

Browse valuable governance resources from the IoD.
Internet Explorer
Your web browser is out of date and is not supported by the IoD website. It is important to update your browser for increased security and a better web experience.