On April 24, 2025, the UK’s Serious Fraud Office (SFO) issued new Guidance on Corporate Co-Operation and Enforcement in Relation to Corporate Criminal Offending, which aims to incentivize companies to self-report “suspected corporate criminal conduct” to the agency and thereafter “co-operate fully” with the SFO’s investigation of the conduct.
The SFO Guidance
Following the carrot-and-stick approach that has characterized corporate criminal enforcement policy in the United States in recent years, the SFO Guidance offers self-reporting companies that also provide “genuine co-operation” the promise of a deferred prosecution agreement (DPA) – unless “exceptional circumstances” exist – and also promises to expedite its investigation, decision-making, and negotiations regarding the reported conduct. Companies that do not self-report suspected misconduct but thereafter provide “exemplary co-operation” with the SFO’s investigation may also be invited to negotiate a DPA. While the SFO Guidance does not explicitly declare DPAs unavailable for companies that do not self-report or cooperate, it notes that failing to self-report will weigh “in favour of prosecution” and that “[o]nly a genuinely co-operative [company] will be invited to engage in DPA negotiations.”
Self-reporting
Suspected wrongdoing can be self-reported to the SFO’s Intelligence Division via a secure online platform, and any self-report must contain at least the following information:
- Relevant known facts and evidence about the suspected offense.
- Individuals involved in the offense.
- Information on how to locate and access evidence and relevant materials.
The SFO commits that its Intelligence Division will “seek to establish contact” with the reporting entity within 48 business hours of the report, make a “decision on whether or not to open an investigation” within six months, and “seek to regularly update [the reporting entity] on the status of the self-report.”
Cooperation
Key factors that the SFO will consider in evaluating a company’s cooperation include:
- Preserving digital and hard copies of materials and evidence about the suspected offense.
- Waiving legal professional privilege over evidence about the suspected offense.
- Locating and providing access to useful documents and information, including materials hosted or stored abroad by third parties.
- Providing detailed descriptions of the facts on the suspected offense, including information about individuals involved in the suspected offense, financial information about the benefit and harm the offense has caused, and information on the company’s compliance program and policies that were in place at the time the offense took place.
- Offering assistance during the investigation, including by engaging with the SFO to provide updates and new findings; helping the SFO with employee interviews; notifying the SFO of any request received from another regulator, law enforcement agency, or prosecutor; and informing the SFO of any foreign “blocking statutes” that could prevent access to relevant information.
Companies that delay or provide less than fully forthright disclosures to the SFO, attempt to “overload” the SFO with “unnecessarily large amounts of material,” or tactically wield “differences between international law enforcement agencies or legal systems” to impede the SFO’s investigation may be viewed as “unco-operative” and will risk losing the opportunity to negotiate a DPA.
Takeaways and Questions
Unmistakeable SFO interest in corporate criminal enforcement. When issuing the SFO Guidance, the SFO director emphasized that “[i]f you have knowledge of wrongdoing, the gamble of keeping this to yourself has never been riskier,” and indeed the SFO Guidance arrives alongside his repeated expressions of interest in incentivizing whistleblowers to report corporate criminal conduct, the agency’s efforts to implement internal improvements that will position it to effectively investigate and prosecute complex financial crimes, efforts to reform and modernize the UK’s disclosure regime, and the SFO’s cofounding of the International Anti-Corruption Prosecutorial Taskforce, a multijurisdictional group aimed at combatting international bribery and corruption. The SFO also has opened multiple corporate criminal investigations in just the past few weeks, noted in its recently issued business plan multiple ways it intends to be “bolder and more pragmatic” in its mission, and is preparing to wield the new “failure to prevent fraud” offense created by the Economic Crime and Corporate Transparency Act (discussed in prior Alston & Bird advisories, including here). There has been much speculation about the extent of any U.S. retreat from certain corporate criminal enforcement and how much (if at all) non-U.S. enforcement agencies might fill any resulting void, and the SFO Guidance is yet another signal from the SFO that it intends to do so.
A U.S.-style approach at a time of historic U.S. uncertainty. Though it differs in several key ways from analogous U.S. guidance (including in its explicit willingness to reward a privilege waiver), the SFO Guidance sounds very much in the same key as the U.S. Department of Justice’s (DOJ) Corporate Enforcement Policy, even if it lacks the mathematical granularity of the DOJ’s sentencing guidelines discounts. This parallel structure no doubt is intentional, but the relevance, value, and impact of this alignment with the DOJ’s traditional approach to corporate criminal enforcement remains to be seen, given the many still-unanswered questions about the Trump Administration’s approach to corporate criminal enforcement in the United States.
Will it move the needle? While this additional transparency from the SFO is helpful and informative, and reflects yet further maturing of the SFO’s (and the UK’s) corporate criminal enforcement regime, it is unlikely to fundamentally alter the unavoidably fraught decision to self-report suspected misconduct. The SFO Guidance does not categorically prohibit DPAs for companies that do not self-report, and the wide range of collateral consequences arising from a self-report still will weigh heavily on companies (and their counsel) when evaluating whether to self-report, even if doing so now offers a higher probability of a favorable SFO outcome.
Investment in compliance and controls essential. Companies can only have the opportunity to self-report if they identify potential misconduct before enforcers do. The continued proliferation of whistleblower programs is just one factor narrowing the window for such identification. To preserve the option of pursuing the potential rewards promised by the SFO, companies must ensure their compliance programs, internal controls, and associated policies and procedures are optimized to quickly detect and respond to potential misconduct.
If you have any questions, or would like additional information, please contact one of the attorneys on our White Collar, Government & Internal Investigations team.
You can subscribe to future advisories and other Alston & Bird publications by completing our publications subscription form.