Fraud and bribery risks are rising across Europe, prompting businesses to rethink their compliance strategies. Jonathan Armstrong examines new guidance from the UK’s Serious Fraud Office, which sets stricter expectations for corporate self-reporting. His analysis outlines how genuine co-operation can shape outcomes and why early, proactive action is now essential.
Fraud and bribery continue to pose serious threats to European businesses, bringing financial, reputational, and legal risks. Recent guidance from the UK’s Serious Fraud Office (SFO) signals a renewed appetite for enforcement, and a clearer, more structured path for companies that choose to self-report wrongdoing.
On 24 April 2025, the SFO published its ‘External Guidance on Corporate Co-Operation and Enforcement in relation to Corporate Criminal Offending[i]’. This marks a shift in the agency’s approach to corporate self-reporting, with updated expectations for how businesses should behave if they uncover potential bribery-related offences.
The message is clear: prompt and genuine co-operation can make the difference between a deferred prosecution agreement (DPA) and full criminal prosecution. However, companies must understand the new rules of engagement, and act accordingly.
A Renewed Push for Corporate Accountability
Under Director Nick Ephgrave, a former senior police officer, the SFO has adopted a tougher, more proactive stance.
Increased funding – £9.3 million announced in late 2024[ii] – has also supported a raft of new investigations, dawn raids, and early interviews.
Ephgrave’s leadership signals a firm intent to restore public trust in corporate law enforcement and to move faster on complex cases.
The new guidance formalises this approach. It states that organisations that self-report promptly and co-operate fully will, in most cases, be invited to negotiate a DPA instead of facing prosecution, “unless exceptional circumstances apply”.
This represents both a carrot and a stick. For well-prepared companies, a DPA can offer a faster, more discreet resolution. For those that delay, obstruct, or ignore misconduct, the consequences could be severe.
What Does “Genuine Co-operation” Really Mean?
The SFO sets out specific expectations for what constitutes genuine co-operation, a term that can be open to interpretation. Businesses must go “beyond what the law requires” – and the guidance includes examples such as:
- Prompt preservation of relevant digital and physical records;
- Providing document translations where necessary;
- Keeping the SFO informed of the steps and timeline in any ongoing investigation;
- Where possible, waiving legal professional privilege – a step the SFO considers highly co-operative (though not obligatory).
At the same time, the SFO highlights red flags for unco-operative conduct. These include forum shopping (trying to choose a more favourable jurisdiction), and any attempts at obfuscation.
While privilege waivers may assist in negotiating a DPA, companies must carefully weigh the broader legal implications, particularly if international regulators or civil claims are in play.
Timelines and Expectations
The SFO’s guidance also offers some service level commitments to make the self-reporting process more transparent. These include:
- Contacting self-reporting corporates within 48 business hours of a self-report or other initial contact;
- Regularly updating a self-reporting corporate throughout the process;
- Deciding whether or not to open an investigation within six months of a self-report;
- Concluding its investigation within a reasonably swift time frame;
- Concluding DPA negotiations within six months of sending an invitation.
Whether these timelines can be maintained, especially in cross-border cases, remains to be seen, however, they represent a step toward greater certainty for businesses managing serious allegations.
New Offences, New Obligations
The timing of the guidance is no coincidence. In September, the UK’s ‘failure to prevent fraud’ offence will come into force[iii], placing fresh obligations on companies to take proactive steps in preventing fraud and corruption within their ranks. This follows a similar model to the Bribery Act 2010 and further raises the stakes for compliance teams.
For businesses, this means ensuring internal controls are up to scratch – and that staff at all levels – are equipped to identify and report suspicious behaviour.
Practical Tips for Business Leaders
So how should companies respond? Here are five practical steps for mitigating fraud risk and preparing for possible self-reporting:
1. Train your people
Educate relevant employees in spotting the signs of bribery and other wrongdoing.
2. React fast to whistle-blower reports
When concerns are raised, act decisively. Ensure investigations are fair, thorough, and documented – balancing the rights of the accused and preserving the integrity of the evidence.
3. Allocate appropriate resources to an investigation.
This may include specialist external counsel, technology and translation services. Even if waiving privilege can be a factor the SFO will take into consideration, it is likely that most organisations will want to do all that they can to preserve privilege, especially if other enforcement bodies and/or litigation are in play.
4. Demonstrate board-level commitment
Culture starts at the top. Senior management must be committed to preventing bribery by fostering a culture in which bribery is never acceptable.
5. Review due diligence processes
Reinforce the need to do proper due diligence especially when engaging agents and intermediaries in high-risk areas.
The SFO’s new guidance brings welcome clarity, but perhaps also a higher bar for businesses seeking leniency. With tougher enforcement, new legislation, and greater scrutiny from stakeholders, corporate leaders must take the risks of fraud and bribery seriously. In a world where economic crime often goes undetected until too late – and regulators are increasingly willing to act – those who are prepared will be best placed to weather the storm.
About the Author
Jonathan Armstrong is a lawyer at Punter Southall Law working on compliance & technology. He is also a Professor at Fordham Law School. Jonathan is an acknowledged expert on AI and he serves on the NYSBA’s AI Task Force looking at the impact of AI on law & regulation.
References
