On 26 November 2025, the UK Serious Fraud Office (SFO) announced an update on its corporate compliance guidance. The refreshed guidance clarifies when, how, and why the SFO assesses corporate compliance programs, emphasizing case-by-case evaluations. Notably, having policies, procedures and controls in place alone does not guarantee a program’s effectiveness; the actual conduct within the company is scrutinized closely.
The SFO’s updated guidance, that follows recent changes in corporate offence legislation related to fraud prevention, identifies six specific scenarios where the agency might evaluate a company’s compliance program:
- When deciding if prosecution is in the public interest
- When considering deferred prosecution agreements (DPAs)
- When deciding whether to impose compliance monitorships with DPAs
- When a company claims “adequate procedures” to prevent bribery under the Bribery Act
- During sentencing considerations after corporate convictions for fraud or bribery
- When assessing reasonable procedures defence under the new corporate offence of failing to prevent fraud
The guidance explains that companies bear the burden of proving they implemented “reasonable procedures” to prevent fraud – a defence available under the new corporate offence of failing to prevent fraud effective from September. The SFO may proactively evaluate compliance programs during investigations to gauge the chances of this defence succeeding in potential prosecutions. The agency uses various investigatory tools, including compelled disclosures and suspect interviews, to gather information on compliance effectiveness.
With its refreshed guidance, the SFO aims to provide clear expectations, promote transparency, and encourage organizations to foster genuine anti-fraud and anti-bribery cultures – not mere tick-box compliance exercises. Though the SFO makes clear that there is no formal guidance or interpretation of what constitutes adequate procedures under the Bribery Act or reasonable procedures under the Economic Crime and Corporate Transparency Act, it recognizes external frameworks, citing e.g. the US Justice Department and French Anti-Corruption Agency guidelines as helpful references for companies with relevant international links.
If you are looking for an independent assessment of the effectiveness of your compliance management system or need to establish one, please feel free to contact us.
Here you can also learn more about comprehensive effectiveness tests.