UK SFO updates guidance on evaluating corporate compliance programmes

The UK Serious Fraud Office (SFO) has published updated guidance on evaluating corporate compliance programmes, clarifying when and how such assessments occur. The updated guidance identifies six scenarios in which it may need to evaluate an organisation's compliance programme: (i) determining decisions on prosecution; (ii) considering deferred prosecution agreements (DPAs); (iii) including compliance terms and monitorships as part of any DPA; (iv) determining whether an organisation has a defence of "adequate procedures" under the Bribery Act 2010; (v) determining whether an organisation has a defence of "reasonable procedures" under the Economic Crime and Corporate Transparency Act 2023 (ECCTA); and (vi) sentencing considerations. In relation to statutory defences, the updated guidance draws on the six statutory principles in relation to proportionate procedures, top-level commitment, risk assessment, due diligence, communication (including training), and monitoring and ongoing review. It includes a "FAQs/general guidance" section, explaining the distinction between "adequate" or "reasonable" procedures (for statutory defences) and an "effective compliance programme" under failure-to-prevent offences. The SFO stresses that assessments depend on an organisation's individual circumstances. Having policies and controls in place does not automatically mean a programme is effective; the focus is on how policies translate into conduct on the ground.

Return to main website.