On November 26, 2025, the UK Serious Fraud Office (SFO) released updated guidance outlining how it will evaluate corporate compliance programs in prosecutions of criminal bribery and fraud. This refreshed guidance, which was followed days later by the UK Anti-Corruption Strategy 2025, replaces the SFO’s 2020 guidance and provides corporations with greater clarity on how the SFO will approach the new “failure to prevent fraud” offense under the Economic Crime and Corporate Transparency Act 2023 (ECCTA), which took effect on September 1, 2025 (and was the subject of an Alston & Bird advisory available here).
The New Guidance
While this updated guidance introduces important additions, particularly the UK’s new failure to prevent fraud offense, much of it merely restates previously issued guidance.
The first section identifies six scenarios in which the SFO will need to assess a corporate compliance program:
- When determining whether a prosecution is in the public interest, pursuant to the Joint SFO-CPS Corporate Prosecution Guidance.
- When considering a company's eligibility for a deferred prosecution agreement (DPA).
- When determining what compliance-related terms (including potentially an independent compliance monitor) should be part of any DPA.
- When assessing whether an organization has a defense of “adequate procedures” to the offense of failure to prevent bribery.
- When assessing whether an organization has a defense of “reasonable procedures” to the offense of failure to prevent fraud.
- When weighing the “existence and nature” of an organization’s compliance program for post-conviction sentencing recommendations.
In explaining the “legal background and guidance” for each of these scenarios, the SFO recites each scenario’s statutory framework, concluding each with a “summary” that distills the relevance of a corporate compliance program to that scenario. The new guidance concludes with FAQs and external links to related materials from the UK, United States, and France.
Unanswered Questions
The new guidance stops short of articulating what compliance processes and procedures the SFO will deem “adequate” under Section 7 of the Bribery Act 2010 or “reasonable” under Section 199 of ECCTA, electing instead to reiterate long-standing principles such as the acknowledgment that “[e]ach compliance programme is different” and that a compliance program must not simply be “a paper exercise.” Yet the SFO then cautions against—and promises to “dig behind” and “challenge”—what it characterizes as “generalities” and “high level assertions,” and perhaps in an acknowledgement of the limitations of the SFO’s guidance, encourages reference to “external sources,” particularly the U.S. Department of Justice’s Evaluation of Corporate Compliance Programs guidance.
Key Takeaways
- SFO Enforcement Looks to Be Aggressive, but Thoughtful. The SFO’s updated guidance is another signal of the agency’s continued interest in prosecuting corporate entities, in particular through the use of “failure to prevent” offenses. SFO Director Nick Ephgrave has been clear: “Come September [2025], if [companies] haven’t sorted themselves out, we’re coming after them. That’s the message I’ll be delivering. … I’m very, very keen to prosecute someone for that offence. We can’t sit with the statute books gathering dust; someone needs to feel the bite.” Armed with ECCTA’s revisions to principles of corporate liability, the SFO’s eagerness is likely to result in more (and more aggressive) corporate investigations and prosecutions in 2026 and beyond.
- Part of a Broader White-Collar Enforcement Commitment. While the most notable aspects of the SFO’s updated guidance relate to the Section 199 ECCTA failure to prevent fraud offense, the SFO’s reissuance of compliance guidance is also closely aligned with aspects of the UK Anti-Corruption Strategy 2025, including the SFO’s commitment to “testing and expanding its capability to help companies sharpen their defences against corruption and increase partnership with the private sector.” It’s another important reminder that the SFO’s professed appetite for aggressive enforcement is very much in keeping with a broader UK government commitment to white-collar enforcement.
- U.S.-Style Compliance Investments Will Pay Dividends in the UK. The SFO’s updated guidance shares conceptual similarities with, and indeed explicitly relies on and cross-references, the DOJ’s Evaluation of Corporate Compliance Programs guidance (discussed in an Alston & Bird advisory here). Companies operating in or otherwise having a nexus to both the U.S. and the UK can be assured that process investments and improvements in each jurisdiction, if made in accordance with articulated principles from the DOJ or SFO, will find favor in the other jurisdiction as well.
As the SFO continues to pursue large-scale corporate investigations into bribery and corruption, as well as look for opportunities to deploy its new Section 199 ECCTA offense, a commitment to compliance resourcing remains essential. Companies and their counsel can expect a greater level of SFO scrutiny into compliance matters and must be prepared to explain detailed aspects of compliance program design, compliance-related data, and areas for supplementation and improvement if they want to avoid prosecution or other punitive outcomes.
If you have any questions, or would like additional information, please contact one of the attorneys on our White Collar, Government & Internal Investigations team.
You can subscribe to future advisories and other Alston & Bird publications by completing our publications subscription form.