On 24 April 2025, the Serious Fraud Office ('SFO') announced updated guidance 'on corporate co-operation and enforcement in relation to corporate criminal offending'.
The guidance
The Guidance represents a marked shift for the SFO in that it sets out, for the first time, that, if a corporate self-reports to the SFO and co-operates fully, the SFO will extend an invite to negotiate a DPA to the corporate, unless 'exceptional circumstances apply'. The Guidance does not expand on what would constitute such 'exceptional circumstances', but the relative certainty now on offer is nevertheless a welcome step forward for corporates faced with a decision about whether or not to self-report.
The Guidance also introduces a relatively detailed framework for managing the process of self-reporting, together with a more prescriptive approach as to what the SFO expects to see from a corporate by way of cooperation and the management of any related internal investigation. The framework includes an ambitious commitment by the SFO to seek to make contact with a self-reporting corporate within '48 business hours', to determine whether to open an investigation within six months, and to seek to conclude DPA negotiations within six months of an initial invitation.
The issue of delay has been a problem for the SFO (and other enforcement bodies) for years and was something which was specifically flagged in the 2025-26 Business Plan published by the SFO at the start of April as an area in which the Director of the SFO has sought to make progress over the last year. The inclusion in the Guidance of specific timings is a clear (and welcome) attempt to signpost an intention to move swiftly going forward, but it will require significant resources and discipline to realise in reality.
The Guidance also identifies what the SFO would consider unco-operative conduct from a corporate, including minimising or withholding the extent of offending, or tactically delaying the production of information or material. However, the Guidance also extends examples of unco-operative conduct to include 'forum shopping by unreasonably reporting offending to another jurisdiction for strategic reasons', and exploiting 'differences between international law enforcement agencies or legal systems'.
This is a more difficult proposition in circumstances in which the SFO's cases almost always contain some aspect of cross-border liability and in which cross-jurisdictional settlements are not unusual; for example, only last month, the SFO announced a new anti-corruption taskforce with France and Switzerland. This is likely to create some uncertainty for corporates weighing how to proceed in cross-border cases (in a document that otherwise appears intended to offer clarity) and it remains to be seen which jurisdictions will be deemed to fall the wrong side of the line for forum shopping purposes.
Evolving landscape
The Guidance comes following a number of investigations by the SFO against corporates which have not concluded in DPAs, and after a period of almost four years in which the SFO has not concluded any DPAS at all – in fact, the only DPA agreed since 2021 has been concluded by the CPS.
It also comes at a time of considerable change for corporate criminal liability generally.
For example, the day before the guidance was released, it was disclosed that the terms of reference for part 2 of Jonathan Fisher KC's Independent Review of Disclosure and Fraud Offences will include the prospect of payment of whistleblowers, and the Director of the SFO released a statement saying that the SFO looked forward to 'present[ing] our case for reform' on that issue.
Further, it was only at the end of last year that significant reforms to corporate criminal liability were introduced, meaning that organisations can be held criminally liable for the actions of senior managers. In addition, the new offence of failure to prevent fraud is due to come into force in September 2025, largely replicating the Bribery Act 2010 model which has been successful in giving rise to repeated DPAs over the last decade – a reform that was already predicted to give rise to an uptick in self-reporting.
The Guidance is clearly intended to complement these various reforms and provide corporates with confidence to self-report going forward – it represents a marked change for the SFO and a statement of intent that it sees DPAs as an essential part of its enforcement strategy going forward.