I'm interpreting "locked" to mean that the field may be viewed but not modified.
Most secure approach is to lock the entire record in which actuals is defined. If Actuals and Forcasts are defined in the same table, you may want to split this table into two pieces with a one to one relationship linking them. Put the fields that need to be locked for one group of users and not others in this new related table so that by locking the record you lock only the fields to which you need to restrict access selectively.
Then you can set up an expression in Manage | Security that controls access via a calculation or just a privilege set setting. (Business level gets a different privilege set than Head Office level.)
That may or may not be practical--depending on the number of user groups with different security settings that you have to set up. See "Editing record access privileges" to learn the details in how you can do this.
A much less secure, but more flexible approach is to use OnObjectEnter script triggers to perform a script that moves the cursor on to the next field or other layout object if the user is a member of a privilege set that doesn't permit them to edit the field. Or you can create two layouts that are identical except that one permits editing the restricted fields and the other does not. You'd use scripts to control which layout is accessed by a given user. In either case, you can increase the level of security by also adding a field validation expression that checks the current user's privilege set name--thus accepting any changes made only if the user's privilege set name is for Head Office or full access.