UK Corporate Confessions: The SFO's New Playbook

SFO Corporate Guidance Overview

On 24 April 2025, the UK Serious Fraud Office (“SFO”) unveiled its new External Guidance on Corporate Co-Operation and Enforcement in relation to Corporate Criminal Offending (the “Guidance”)^[1]to enhance corporate compliance, transparency and cooperation in combatting fraud, bribery and corruption in the UK. This comprehensive guidance is critical for both UK-based entities and international companies operating under UK jurisdiction.

Key Points of the Guidance

The Guidance delineates the SFO’s approach to assessing corporate criminal liability, emphasising effective compliance programs and corporate cooperation.

Notably, for the first time, the SFO has outlined its policy that if a company promptly self-reports suspected wrongdoing and cooperates with investigators, it will be invited to negotiate a Deferred Prosecution Agreement (“DPA”) rather than face prosecution, except in extraordinary cases. The SFO Guidance underscores that a prompt self-report is a pivotal factor favouring a DPA over prosecution.

Cooperative vs. Uncooperative Behaviour

The Guidance notes that the SFO does not expect a company to complete an investigation prior to any self-report and specifies that “genuine cooperation” involves assistance that goes “above and beyond what the law requires.”^[2]Non-exhaustive examples of what such cooperation involves include:

• Preserving digital and hard copy relevant material, and providing all relevant documents and information to the SFO;
• Early engagement with the SFO as to the parameters of any internal investigation;
• Informing the SFO of proposed steps in any further investigation (with care taken not to take any steps to prejudice the SFO’s investigations) and providing regular updates to the SFO including key findings;
• Providing non-privileged records of interviews;
• Producing relevant overseas documents within the company’s control (and providing translations of foreign documents);
• Identifying involved individuals, both inside and outside the organisation;
• Providing an analysis of the company’s compliance programme in place at the time of any offending, along with any undertaken or planned remediation of deficiencies; and
• Assisting the SFO with gaining access to employees for the purposes of further interviews (and, where appropriate, ensuring employees have access to independent legal advice).

The Guidance includes several examples of uncooperative conduct, including:

• Forum shopping;
• Exploiting differences between jurisdictions, e.g., blocking statutes;
• Minimizing involvement of individuals;
• Withholding information;
• Delaying providing information; and
• Overloading the SFO’s investigation by providing unnecessarily large amounts of material.

The Guidance also states that, while the SFO does not penalise a company maintaining a valid claim of legal professional privilege over relevant material, a voluntary waiver of legal professional privilege is considered to be a significant co-operative act that can help expedite proceedings.

Self-Reporting Process

To initiate a self-reporting process, a company must submit a form to the SFO’s Intelligence Division via their secure reporting portal.^[3] The SFO commits to making contact within 48 business hours post self-report. Within six months, a decision is made on whether it plans to open an investigation. Regular updates are provided throughout the investigation, culminating with DPA negotiations within six months of invitation.

It is crucial to note that reports to other agencies (either domestic or international) do not confer the protection of a self-report to the SFO; offending conduct must be reported to the SFO simultaneously or immediately thereafter.

Implications for UK-Based Companies and Companies Doing Business in the UK

The Guidance is indispensable for evaluating and refining compliance strategies for companies subject to UK jurisdiction. On an international scale, it highlights the SFO’s global influence, incentivizing companies to align compliance programs with UK standards.

The Guidance serves as a crucial document outlining the agency’s expectations for corporate compliance and cooperation. Companies, both domestic and international, must proactively align their practices with this guidance to mitigate risks of criminal liability. As the SFO continues to extend its reach, businesses must remain vigilant and adaptable to ensure compliance.

Considerations for Companies Doing Business in the UK

• Implement Effective Compliance Programs: Develop and maintain robust compliance programs that adhere to the standards set forth in the SFO’s guidance on evaluating compliance programs.^[4]
• Train Employees: Ensure comprehensive training for all employees on compliance policies and the importance of adhering to UK laws and regulations.
• Self-Reporting Mechanism: Be prepared to promptly investigate and potentially self-report suspected wrongdoing to the SFO to obtain the benefits articulated under the new guidance.
• Align Global Compliance: For international companies, align compliance programs with UK standards to mitigate risks due to the SFO’s global reach.
  
  

Crowell would like to thank Elise Borg for her contribution to this alert.