Alert Updated SFO guidance on evaluating corporate compliance programmes

In late November 2025, the Serious Fraud Office (the SFO) published their updated guidance on evaluating corporate compliance programmes.

What does the Serious Fraud Office guidance focus on?

The guidance addresses the six scenarios in which the SFO may need to evaluate an organisation’s compliance programme. The scenarios are when the SFO is to determine whether:

  1. To prosecute an organisation.
  2. To consider a deferred prosecution agreement (DPA).
  3. To include compliance terms and / or a monitorship as part of any DPA.
  4. An organisation has a defence of “adequate procedures” to a failure to prevent bribery charge under s.7 of the Bribery Act 2010.
  5. An organisation has a defence of “reasonable procedures” to a failure to prevent fraud charge under s.199 of the Economic Crime and Corporate Transparency Act 2023 (ECCTA).
  6. The existence and nature of the compliance programme is a relevant factor for sentencing considerations.

What are some key considerations organisations should be aware of?

The guidance also includes an FAQs section.

Some highlights and takeaways from the FAQs include:

  1. The guidance explicitly advises against compliance programmes that are simple “paper exercises”. More bespoke and specific compliance programmes are expected from organisations. Additionally, the SFO is interested in how policies, procedures, and controls translate into “conduct on the ground” and in the real world.
  2. These FAQs also show that the SFO will consider whether there are sufficient systems and controls against circumvention. For example, not just having an approval process, but also having a system to check or audit those approvals to make sure that the process is being correctly adhered to.
  3. The FAQs also helpfully provide links to US and French guidance on compliance programmes for organisations with links to those countries.
  4. The SFO may use compelled document disclosure and direct questioning of the organisation for their investigation. This is another reminder that clear and comprehensive record keeping is essential.

What does the future bring?

The SFO is currently going through a period of uncertainty with the resignation of its Director, Nick Ephgrave. He will leave at the end of March. In some respects Ephgrave had restored the SFO’s power after some setbacks under the last Director, and he opened new investigations and used the SFO’s dawn raid powers effectively. Ephgrave leaves the SFO with around 35 open investigations.

Practical tips

Most organisations will want to review their practices and procedures against the SFO’s updated guidance. This might include:

  1. Reviewing and refreshing policies – making sure that they are effective and that the organisation can demonstrate that they reflect the organisation’s culture and tone from the top. This needs to be more than ‘paper compliance’.
  2. Ensuring that the organisation has adequate controls in place. They’ll need to be refreshed to cope with today’s world, including the use of AI by bad actors and the challenges of remote or hybrid working.
  3. Making sure that training is up to date and fit for purpose. Good training programmes are role-based, with in-person training for high-risk roles.
  4. Having a well-rehearsed response plan when incidents are suspected. This will include being able to respond quickly to whistleblower reports.

For more information:

Read our FAQs on the failure to prevent fraud offence under ECCTA.

Listen to our podcast with PSL Partner Jonathan Armstrong on the failure to prevent fraud offence.

Read the full SFO guidance.

Learn more about Punter Southall Law’s Investigations Services or Contact Us to arrange a consultation.
