Decisions, decisions and how to get a good night’s sleep. SFO publishes new guidance for corporates

The decision whether or not to self-report suspected corporate misconduct to the Serious Fraud Office will have caused sleepless nights for many a company executive. If the consequences of reporting are uncertain and prosecution still a potential outcome, weighing up whether or not to disclose suspected criminality remains a tough decision.

The carrot

With the publication on 24 April 2025 of its much-heralded Guidance on Corporate Co-operation and Enforcement in relation to Corporate Criminal Offending (the Guidance), the SFO is aiming to make that decision easier. Now, if a corporate self-reports suspected wrongdoing promptly to the SFO and co-operates fully with any subsequent investigation, the SFO will invite it to negotiate a deferred prosecution agreement (DPA) rather than prosecute, “unless exceptional circumstances apply”. 

The Guidance, which includes clarity on how self-reports should be made, the information required to be disclosed and examples of what will constitute good (and bad) ongoing cooperation, along with an ambitious timeframe for the resolution of cases, is to be welcomed. However, corporates may not view the Guidance on its own as sufficient encouragement to disclose wrongdoing, especially where that conduct may not otherwise come to light. Practically, it remains unclear how the new approach will be managed by an under-resourced SFO and within a legislative framework that not only requires judicial approval of DPAs but doesn't provide the flexibility to offer financial incentives much beyond those already available to corporate defendants who plead guilty. 

The press and legal commentators have been quick to seize upon the SFO’s key message that, unless exceptional circumstances apply, a corporate that self-reports suspected wrongdoing promptly to the SFO and co-operates fully can expect to be invited to negotiate a DPA rather than face prosecution. Whether, when and how a corporate self-reports suspected offending is a key consideration when assessing the public interest in favour of a DPA, while a failure to notify the SFO of suspected offending within a reasonable time of discovering it is a specific public interest factor in favour of prosecution.

Speaking at the GIR Live event on the day the Guidance was launched, director of the SFO, Nick Ephgrave, emphasised that businesses with “direct evidence” of offending should approach the agency “soon after learning of that evidence”. Nonetheless, despite the accent on self-reporting in good time, the SFO will also consider inviting a corporate that has not self-reported to DPA negotiations if it has provided “exemplary" co-operation with the agency's investigation. Precisely what distinguishes “exemplary” co-operation from “genuine” and “proactive” co-operation is not entirely clear.

Self-reports should be made directly to the Intelligence Division of the SFO via a specific online form and should identify all relevant known facts and evidence concerning the suspected offences, the persons involved and the relevant jurisdiction(s). The SFO also expects to be told about key documents and materials and any associated risks of destruction or the dissipation of key assets. 

The Guidance notes that a self-report and being cooperative “are not one and the same" and that co-operation by the corporate, even after self-reporting, remains a key factor in deciding how a case is resolved and the level of penalty. Only a “genuinely co-operative" corporate will be invited to engage in DPA negotiations. The Guidance sets out a non-exhaustive list of what will be considered co-operation, which includes considerable engagement with the SFO to provide relevant documents and information. While a corporate that maintains a valid claim of legal professional privilege (LLP) over relevant material “will not be penalised for doing so", a waiver of LPP will be considered to be a “significant co-operative act" and can help expedite matters. 

Certain conduct will be considered to be “unco-operative", including: forum shopping; seeking to exploit differences between international law enforcement agencies or legal systems; attempting to obfuscate the involvement of individuals, minimise and/or withhold the full extent of the suspected offending; tactically delaying providing information or material; and seeking to “overload" the SFO's investigation by providing unnecessarily large amounts of material (perhaps recognising that the agency’s systems and resources for dealing with disclosure remain unequal to the task in largescale cases).

The Guidance acknowledges that a corporate may wish to undertake an internal investigation before self-reporting suspected misconduct, although it does not expect a corporate to fully investigate the matter before self-reporting. If a corporate does choose to investigate itself, the SFO expects to be informed of proposed steps in advance (particularly with regard to internal interviews) and to be provided with the facts gathered, access to non-privileged records of interviews (noting that a voluntary waiver of privilege over privileged records will weigh strongly in favour of co-operation). 

Also new is the ambitious timeframe the SFO has given itself for responding to self-reports. The agency will “seek” to contact a self-reporting corporate within 48 business hours of a self-report or other initial contact; decide whether or not to open an investigation within six months; conclude its investigation within a “reasonably prompt" time frame; conclude DPA negotiations within six months of sending an invite; and keep the corporate regularly updated. The last of these is likely to be particularly welcome to corporates whose self-reports may hitherto have disappeared into a black hole. 

The stick

Nick Ephgrave has backed up the new Guidance with a beefed-up message that failing to self-report is now a risky "gamble" that corporates should not be willing to take. It is true that a number of initiatives to better tackle economic crime have been introduced recently. Changes to corporate criminal liability introduced in the Economic Crime and Corporate Transparency Act 2023 mean that a company can now be criminally liable for economic offences committed by its senior managers acting within the actual or apparent scope of their authority[1], rather than just those who are its “controlling mind and will”. A new corporate offence of failing to prevent fraud, coming into effect on 1 September 2025, further increases the potential liability of a corporate for fraudulent conduct by its employees, agents, subsidiaries and others, with no requirement for the company itself to have been involved, or even know about the conduct[2].

Meanwhile, the SFO suggests, the chances of detection are increasing. The agency’s own powers under section 2A of the Criminal Justice Act 1987 were extended last year to enable the SFO to compel the disclosure of information at the pre-investigation stage in all its cases, including both foreign and domestic bribery and corruption and all cases of fraud. Proposals to incentivise whistleblowers to report misconduct through financial rewards are gathering support and are now the subject of an independent Home Office report being chaired by Jonathan Fisher KC. HM Treasury has already proposed the introduction of financial rewards for whistleblowers who expose tax evasion and fraud by wealthy individuals and multinational businesses. But is this all enough?

A balancing act

It should be remembered that the final decision whether or not to enter into a DPA remains with the court, which must review and approve the terms of any DPA negotiated by the SFO and corporate defendant. So while the SFO may be able to guarantee the offer of DPA negotiations for self-reporting companies, it cannot guarantee the DPA itself. No court has yet declined to approve a proposed DPA, but that does not mean it can’t. 

In addition, corporates will have to weigh up the pros and cons of a DPA. As it currently stands, the standard financial penalty imposed as part of a DPA must be “broadly comparable” with the fine a court would have imposed following an early guilty plea[3]. This usually results in a discount of one third, albeit that in most DPAs agreed to date the corporate has been granted an additional discount, most usually of 17%, for exceptional co-operation. There is no provision in the legislation to permit the offer of a larger discount at the outset, making the financial implications of self-reporting less attractive than they might be. 

It is true that corporates entering into a DPA do not face automatic debarment from public contracts that accompanies a criminal conviction. This may not bother those who operate outside the public sector, although they would still face considerable reputational damage from a successful prosecution.

The Guidance is a clear statement from the SFO that it wants to work with corporates to tackle wrongdoing, and the clarity it provides regarding process and timings is to be welcomed. Whether it will fulfil the SFO’s ambition of increasing self-reporting by corporates is less certain. Company executives still face many sleepless nights ahead.

[1]    See our briefing here for more: The Economic Crime and Corporate Transparency Act receives Royal Assent – now the hard work begins 

[2]    See our briefing here for more: Nine months and counting. | Linklaters

[3]    Per the Crime and Courts Act 2013, Schedule 17 paragraph 5