UK Fraud Watchdog Raises Expectations with Updated Compliance Guidance

Key Takeaways

• Updated SFO Framework: Guidance clarifies when and how corporate compliance programs will be evaluated in enforcement scenarios.
• ECCTA Fraud Standard: Includes new criteria for assessing “reasonable procedures” under the failure to prevent fraud offense.
• Conduct Over Paperwork: Assessments focus on whether controls work in practice, not just the existence of written policies.
• Timing Matters: Compliance effectiveness at the time of the misconduct and at charging will influence prosecution decisions.

Deep Dive

The UK Serious Fraud Office (SFO) has recently released updated guidance explaining how it evaluates corporate compliance programs during investigations and enforcement decisions, including newly added standards related to the “failure to prevent fraud” offense introduced under the Economic Crime and Corporate Transparency Act 2023 (ECCTA).

The guidance identifies six points where compliance effectiveness may influence the SFO’s approach: whether to prosecute a company, whether a deferred prosecution agreement (DPA) is appropriate, whether compliance improvements or a monitorship should be imposed as part of a DPA, whether a company can rely on defenses under the Bribery Act or ECCTA, and how compliance should be factored into sentencing.

A core message in the updated document is that written policies alone are not enough. The SFO says it will examine whether controls operate in practice and whether leadership has fostered behavior that prevents fraud, bribery, and corruption. Prosecutors may consider compliance both at the time misconduct occurred and at the point of charging or entering into a DPA.

The guidance also clarifies differences between legal defenses available to companies. Under the Bribery Act 2010, a company must demonstrate “adequate procedures” to prevent bribery. Under the ECCTA fraud offense, companies must show “reasonable procedures” were in place, or argue it was not reasonable to have such procedures based on their circumstances. The SFO notes that both assessments are fact-specific and context-dependent.

When monitorships or compliance requirements form part of a DPA, the SFO indicates it will assess whether proposed changes are proportionate and likely to strengthen future controls. Any reforms will be evaluated throughout the duration of the agreement.

The updated guidance follows earlier policy changes this year, including revisions to cooperation expectations in April and a joint prosecution framework with the Crown Prosecution Service in August. The SFO says the changes are intended to provide greater transparency for organizations seeking to meet enforcement expectations.

The GRC Report is your premier destination for the latest in governance, risk, and compliance news. As your reliable source for comprehensive coverage, we ensure you stay informed and ready to navigate the dynamic landscape of GRC. Beyond being a news source, the GRC Report represents a thriving community of professionals who, like you, are dedicated to GRC excellence. Explore our insightful articles and breaking news, and actively participate in the conversation to enhance your GRC journey.