Updated SFO Guidance: Familiar Framework, Sharper Focus—Timing Is Everything

The Serious Fraud Office (SFO) is raising the stakes. With the publication of new Co-operation and Enforcement Guidance on 24 April 2025, the agency is ramping up enforcement and clarifying expectations for corporate engagement. Combined with stronger investigative tools, a lower threshold for corporate liability, and renewed emphasis on whistleblowing, the message is clear: cooperate early or face the consequences.

At the launch of the new guidance, the Director of the SFO outlined a more aggressive and proactive approach to investigations. This includes expanded use of covert intelligence techniques and advanced investigative tools to detect and pursue new matters. The SFO also reiterated its interest in U.S. style whistleblower incentives and reaffirmed its willingness to grant immunity from prosecution to individuals in appropriate circumstances.

These developments are part of the SFO’s broader strategy to position itself as a formidable player in the global fight against corporate crime. A key element of this strategy is the creation of the International Anti-Corruption Prosecutorial Taskforce—a strategic alliance between the SFO, France’s Parquet National Financier (PNF), and Switzerland’s Office of the Attorney General (OAG). The taskforce is designed to coordinate enforcement strategy, share expertise, and strengthen cross-border operational collaboration, with the flexibility to engage additional jurisdictions as needed. These initiatives run in parallel to—but are distinct from—the European Union’s efforts to establish a minimum legal standard for combatting corruption, including proposals to introduce corporate criminal liability across all member states.

The announcement about the newly empowered SFO and its European counterparts come at a critical juncture, as the international community awaits clarity on the future of FCPA enforcement in the United States. In the meantime, the SFO Director confirmed that the agency is actively engaging with the U.S. Department of Justice (DOJ) to better understand the reasons behind the current pause in FCPA activity and to identify cases with UK connections.

Will the new guidance encourage corporate self-reporting?

That depends greatly on a company’s culture and the issues at hand. While the updated guidance provides greater clarity on how corporates can secure a Deferred Prosecution Agreement (DPA), much of its substance reiterates principles found in earlier SFO publications, the DPA Codes of Practice, and existing case law. Nevertheless the inclusion of practical examples regarding cooperation and the timing of self-reporting is helpful.

Applying the guidance in real-world situations remains a nuanced and context-dependent challenge not always fully appreciated by the SFO. The central question is whether the added clarity combined with the SFO’s more assertive approach, will meaningfully influence corporate behavior toward greater self-reporting.

Key Questions from the New Guidance

1. “What do corporates need to do to get a DPA?”

Self-report promptly and cooperate fully. That remains the clearest path to a Deferred Prosecution Agreement. Previously, the SFO’s code stated that “full, robust cooperation” did not guarantee a particular outcome. The new guidance is more definitive and should provide greater certainty.  However, companies that fail to self-report may still qualify for a DPA if they later demonstrate exemplary cooperation by adopting all of the non-exhaustive examples of cooperation set out in the guidance. Notably the guidance warns that failure to self-report known misconduct is a public interest factor in favor of prosecution.

2. “When should a corporate self-report?”

Timing is critical. The SFO expects reporting within a reasonable time after discovering suspected misconduct. The Director suggested that the right time to self-report is when there are “reasonable grounds to suspect” corporate offending. A threshold similar to that used by police in stop and search powers. Whether this standard is appropriate for corporate decision making remains to be seen.

3. “Can we investigate internally before reporting?”

Yes, to a point. It is permissible to investigate suspicions of suspected offending in order to understand the nature and extent of any offending. If the position is less clear-cut then some further investigation is acceptable.  Crucially, the SFO cautions against fully investigating before reporting, as doing so could negatively impact cooperation credit.

4. “How do we manage our internal investigation?”

With extreme care. The guidance emphasizes that actions that prejudice an SFO investigation, such as failing to consult the SFO early or interviewing employees against its instructions, will damage cooperation credit.

5. “What counts as cooperation?”

Cooperation means going above and beyond legal requirements. The guidance outlines a detailed non-exhaustive, list of behaviors that will be taken into account by the SFO. Examples include:

• • Preserving and providing relevant evidence in a format agreed upon with the SFO.
  • Engaging with the SFO to agree the parameters of any internal investigation.
  • Presenting the facts on the suspected criminal conduct, including identifying all persons involved both inside and outside the organisation.
  • Providing non-privileged records of interviews.

6. “How long will this all take?”

Under its new leadership, the SFO claims to be moving faster when investigating and making charging decisions. The guidance sets out aspirational timelines for SFO decision making: a response to a self-report within 48 hours, a decision on whether to open an investigation within six months, and completion of investigations within a "reasonably prompt" timeframe. These are best-effort commitments, but not hard deadlines.

7. Compliance isn’t just a shield.

A significant update in the guidance is the explicit requirement for companies to present a detailed analysis of their compliance frameworks as they existed at the time of misconduct and how any deficiencies have been or will be addressed. At the launch, the SFO Director underscored that senior management must be able to speak knowledgeably about their organisation’s compliance systems. This approach makes it clear that compliance and remediation are not post-DPA concerns; they are central to the cooperation assessment and a gateway to a possible DPA.

Conclusion: What This Means for You

The new guidance reinforces established expectations and offers greater clarity, but it does not radically change the landscape for self-reporting or cooperation. The true test will be how rigorously the SFO  applies these principles in practice. In the meantime, companies should review their investigation protocols, ensure mechanisms for early engagement are in place, and prepare to respond quickly and transparently when misconduct is discovered. The cost of hesitation could be prosecution instead of a DPA.