UK Serious Fraud Office Issues New Guidance on Corporate Cooperation and Enforcement

On 24 April 2025, the UK’s Serious Fraud Office (SFO) published new guidance for companies on cooperation and enforcement in relation to corporate criminal offending (Guidance).

The Guidance outlines the SFO’s key considerations in determining whether it is in the public interest to prosecute a company or invite it to negotiate a Deferred Prosecution Agreement (DPA).

The SFO’s Director, Nick Ephgrave, who has been at the helm of the SFO for over a year and a half, launched the Guidance during a conference in London where he provided his views on its purpose and practical application.

Headlines

• The SFO will guarantee an invitation to enter into DPA negotiations if a company promptly self-reports suspected offending and cooperates fully with the SFO, unless “exceptional circumstances” apply.
• The SFO will nevertheless consider DPA negotiations in the absence of a self-report where the company has provided “exemplary co-operation” with the SFO’s investigation. The Guidance includes examples of cooperative and uncooperative conduct in this regard.
• The Guidance also sets out the SFO’s process and expected timeframes for responding to self-reports.
• Although the Guidance provides some additional clarity on the SFO’s approach to DPA negotiations, a company’s decision to self-report, investigate and engage with enforcement agencies in the context of suspected criminal matters remains a complex and heavily fact-dependent issue that requires careful consideration.

What has changed

Unlike the SFO’s previous guidance on corporate self-reporting and cooperation, the new Guidance makes clear that unless “exceptional circumstances” apply, the SFO will invite a company to DPA negotiations if it has promptly self-reported suspected offending and fully cooperated with the SFO. These exceptional circumstances are not explained in the Guidance.

The SFO has also now provided additional clarity and set some expectations around the self-reporting process. However, it is clear that the timeframes for opening and closing an investigation will depend on various factors, including access to witnesses, and evidence located overseas.

Notably, putting aside the above changes, the Guidance is fundamentally consistent with the SFO’s earlier guidance, the DPA Code of Practice (which is referenced in the Guidance), and enforcement approaches more generally. Prompt self-reporting and full cooperation are established public interest factors in determining whether to opt for a DPA over a prosecution (and indeed, whether any enforcement action should be taken at all).

Prompt self-reporting – a key public interest factor for DPAs

The Guidance notes that self-reporting suspected criminal wrongdoing is “a mark of a responsible organisation” and provides the following:

• The SFO does not expect companies to fully investigate matters before self-reporting.
• A company’s failure to self-report within “a reasonable time” of becoming aware of suspected offending will weigh in favour of prosecution over DPA negotiations.
• If there is direct evidence of corporate offending, the SFO expects companies to self-report “soon after learning” of that evidence.
• The SFO, however, recognises that companies may need to further investigate suspected offending before making a self-report where the position is unclear or to understand the nature and extent of any offending.
• Where a company has failed to self-report, the SFO will consider whether the company was aware of the offending before the SFO’s investigation commenced.

When launching the Guidance, Mr Ephgrave stated that a company should self-report as soon as it has a “reasonable suspicion” that some offending has occurred.[1] This mirrors the test that applies to cautioning suspects prior to interview by law enforcement.

The self-reporting process and the SFO’s timeframes

The Guidance outlines the self-reporting process, including that reports should be made directly to the SFO’s Intelligence Division (via an online reporting form), as well as the information that should be contained in the report. The Guidance also includes the SFO’s expected timeframes for responding to a self-report, which are set out in the table below.

The importance of “genuine cooperation”

The SFO will only invite a “genuinely” cooperative company to engage in DPA negotiations, and a company’s cooperation with the SFO’s investigation is a key factor in determining the resolution of a case and penalty. The Guidance notes that a company which does not self-report but provides “exemplary” cooperation may be invited to DPA negotiations. Likewise, a company that self-reports but then fails to be genuinely cooperative may be prosecuted.

The SFO provides practical examples of what it considers to be cooperative conduct, noting that companies which demonstrate all of the conduct listed in the Guidance are likely to have provided exemplary cooperation. The full list—which is non-exhaustive—is set out in paragraph 22 of the Guidance and includes:

• proactively and promptly preserving relevant material, and collecting and identifying relevant documents and information;
• presenting the facts on the suspected criminal conduct, including identifying all persons involved, both inside and outside of the company;
• engaging with the SFO regarding any internal investigations early, giving advance notice of any proposed steps, keeping the SFO updated on progress including any key findings, and providing non-privileged records of interviews; and
• presenting an analysis of the company’s compliance policies and remediation.

The SFO also notes that it will not penalise companies for maintaining valid claims of legal professional privilege. However, a waiver of such privilege is considered a significant cooperative act.

Conversely, the SFO considers uncooperative conduct to include:

• unreasonably reporting wrongdoing to another jurisdiction for strategic reasons (known as “forum shopping”);
• trying to exploit differences between law enforcement agencies or legal systems;
• tactically delaying the provision of information or material; and
• seeking to overload the SFO’s investigation with unnecessarily large volumes of material.

Putting the Guidance into context

The Guidance should be considered in light of recent legislation which has lowered the attribution test for corporate criminal liability and widened the reach of failure to prevent offences to fraud (see our previous update). The failure to prevent fraud offence will be coming into force in September 2025 and the impending offence, together with the changes to establishing corporate criminal liability, presents a significant change in the enforcement landscape.

The Guidance also follows the publication of Mr Ephgrave’s 2025–2026 business plan, which details how the SFO is creating new asset confiscation enforcement and crypto expertise teams, strengthening its covert operations, and looking to further incentivise whistleblowers to make reports.

This all continues to indicate a concerted push to bolster the SFO’s enforcement capabilities and increase its enforcement activities.

If you have any questions, please contact the authors of this alert.

Katy Burgess, London Trainee Solicitor, contributed to the drafting of this alert.

[1] ‘“Look at me as the Mikhail Gorbachev of the SFO”: Nick Ephgrave’, Global Investigations Review, 24 April 2025 (subscription required).