This browser is not actively supported anymore. For the best passle experience, we strongly recommend you upgrade your browser.

Freshfields Risk & Compliance

| 2 minutes read

SFO guidance on evaluation of corporate compliance programmes: some insights but no real practical guidance on adequate procedures

The UK Serious Fraud Office (SFO) has issued new guidance for its prosecutors on evaluating corporate compliance programmes (the Guidance).

For large commercial organisations, the high-level Guidance does little to move the dial on clarifying what the SFO expects of compliance programmes and what might constitute 'adequate procedures' for the purposes of a defence to s. 7 of the UK Bribery Act (UKBA). Over half of the eight-page Guidance is filled predominantly with quotes from the existing Bribery Act guidance issued by the Ministry of Justice back in 2011.

But despite its shortcomings, there are a few insights that can be gleaned from the Guidance, both in terms of what it covers and what it fails to address.

Expect questions on compliance at an early stage in the investigation

The Guidance makes clear that compliance issues should be considered as part of the overall, holistic investigation strategy, with teams encouraged to 'begin to explore compliance issues early in the investigation' and 'obtain information from a variety of sources'.

This may lead the SFO to make more detailed and earlier inquiries into companies’ compliance programmes during an investigation. Company representatives may need to be prepared for probing questions on compliance as part of any voluntary engagement with the SFO or through the use of the SFO’s powers to compel information or attendance at interview.

A shift towards greater use of monitors in DPAs? 

To date, the SFO has not insisted on imposing a formal compliance monitor in any of its deferred prosecution agreements. But that may soon change—the Guidance now talks about the appointment of a monitor being “likely”. This is quite a shift away from the more measured language of the 2014 DPA Code of Practice, which notes that the question of whether a monitor should be appointed to oversee changes to a company’s compliance programme will be very fact-dependent and should be 'approached with care'.

Little mention of the corporate tax offence

Under the Criminal Finances Act 2017, the SFO is the designated prosecutor for the offence of failure to prevent the facilitation of overseas tax evasion. Like s.7 of UKBA, there is also a compliance defence available (expressed as ‘reasonable’ rather than 'adequate' procedures). It is perhaps telling that the SFO’s own guidance to its prosecutors makes little mention of this offence (other than a passing reference in a footnote).

Anyone expecting an equivalent to the US DOJ’s guidance will be disappointed 

The lack of detail in the Guidance is in real contrast to equivalent guidance issued by the US Department of Justice. The DOJ Guidance lists, in some detail, the critical factors for evaluating whether a compliance programme is being effectively implemented, making clear the kind of evidence investigators will be looking for and the questions they will ask when conducting their assessment. In terms of broader principles, there is a good deal of overlap between the UK and US authorities’ approach. The SFO recognizes this in a footnote, stating the UK guidance is broadly consistent with international guidance, including that set out by the DOJ. It should at least be somewhat persuasive in discussions with the SFO if a company can demonstrate the effectiveness of its compliance programme by reference to the DOJ Guidelines.

Key expectations 

The Guidance will likely disappoint anyone who was looking for greater clarity on the all-important question of adequate procedures. But despite the lack of additional detail or colour, the Guidance does provide a clear indication of the ‘big picture’ issues that will concern the SFO when evaluating a compliance programme—none of which will be a surprise. The SFO will want evidence that the programme is 'effective', '[p]roportionate, risk-based and regularly reviewed'.

To read the Guidance in full, see here.

This post was co-authored by Madeleine Wall. 

A key feature of any compliance programme is that it needs to be effective and not simply a `paper exercise'. It is critical that the compliance programme is proportionate, risk-based and regularly reviewed.


global investigations, corporate crime, serious fraud office, compliance, compliance and risk, anti-bribery, anti-corruption