On 24 April 2025, the Serious Fraud Office (SFO) released its new guidance on Deferred Prosecution Agreements (DPAs), with the clear aim of incentivising companies to self-report suspected criminal wrongdoing. The guidance appears ambitious, optimistic, and pragmatic in its effect – with welcome reassurances for companies. However, clear questions remain as to whether the guidance will reflect the practical reality for corporates, both in terms of the forecasted timetables and whether DPAs will truly be available in the ways advertised.
Our Business Crime and Investigations team consists of two former SFO controllers, Anna McIntyre and Phillippa Ellis, and a forensic accountant and former SFO investigator, Paul Chadwick. With Anna McIntyre having been part of the SFO negotiation team in one of the last SFO DPAs in 2021, Amec Foster Wheeler, and with unique insight into the world of DPA negotiations, together, they explore the key takeaways from the guidance and what it means for companies considering their options when faced with potential wrongdoing.
Encouragement of Self-Reporting
To encourage self-reporting of criminality, the SFO details that companies who flag potential breaches of economic crime legislation such as bribery and fraud will be invited to co-operate with investigators and ultimately offered the chance to negotiate a DPA in all but ‘exceptional circumstances’.
Capital comment:
Self-reporting has previously been at the heart of many, but not all, of the previously concluded DPAs with the SFO. Companies have previously been rewarded for their assistance in bringing wrongdoing to light, both through the availability of a DPA in the first place (in lieu of full-scale prosecution) but also in reductions in the attached financial penalties. This is fair and just, as self-reporting wrongdoing that may not otherwise see the light of day is clearly a highly risky, brave and ethical choice for companies to take – and one that should be met with encouragement and incentives from the investigative authorities.
The ‘all but exceptional circumstances’ reassurance is, however, restricted to the invite into DPA negotiations only. It is no guarantee of a DPA; either that a DPA will be presented by the SFO to a court for approval, or of course that the DPA negotiated will meet with judicial approval.
The most recent DPAs brought before the High Court have been scrutinised carefully – both in terms of the criminality reflected in the Statements of Facts, and every pound of the negotiated financial settlements. Ultimately any DPA must be judged to be in the interests of justice, and the proposed terms fair, reasonable, and proportionate, in line with the requirements of Schedule 17 of the Crime and Courts Act 2013. Self-reporting criminality is still no guarantee of a better outcome – though it clearly increases the chances – more so than ever before.
Co-operation criteria
The SFO sets out that genuine co-operation, for the purposes of accessing a DPA invitation, will include:
- Preservation of evidence
- Early engagement with the SFO and other authorities
- Provision of the facts to the SFO
- Refraining from actions that could prejudice an investigation, such as interviewing witnesses or suspects without consulting the SFO
- Voluntary waiver of legal professional privilege (though in no way required, made clear to ‘weigh strongly in favour of co-operation’)
- A thorough analysis of the company’s past and present compliance programmes
- Facilitation of interviews with key employees, and assurance that independent legal advice will be made available to employees
Capital Comment:
It will be a careful balancing act (as it has always been) for companies who suspect there may be fraud, bribery or corruption within their organisation and wish to access a DPA. A company will want to conduct an internal investigation to understand what has happened and whether a self-report is appropriate, but it must also avoid being perceived to ‘trample over the crime scene’ from the SFO’s perspective, by interviewing key witnesses and suspects and potentially compromising criminal evidence.
Careful and early involvement of lawyers who understand what is required, and can expertly navigate this sensitive phase will be key, to ensure a healthy relationship with the SFO is preserved.
Timelines
Two key timelines are highlighted in the guidance:
- Self-reports must be made within a reasonable time after suspicions come to light. Delays or reporting under the threat of imminent disclosure by third parties may mitigate against the offer of a DPA.
- The SFO commits to responding to self-reports within 48 hours, deciding on initiating an investigation within six months, and concluding DPA negotiations within six months thereafter.
Capital comment:
Within a ‘reasonable time’ is open to interpretation and will likely include consideration by the SFO of i) what a reasonable internal investigation looks like; ii) not ‘sitting on’ allegations without action; and iii) prompt board-level attention and action.
Separately, the SFO’s timetables are reassuring and a significant speeding up from previous investigation timetables. However in our experience, the perceived lack of speed in SFO investigations is not generally due to a lack of desire from the agency, but from internal or external currently unavoidable constraints such as:
- A lack of adequate resourcing at the agency, due to limited public funds, resulting in delays to investigative timetables they would otherwise like to achieve;
- Delays in obtaining overseas evidence or co-operation; for example responses to Mutual Legal Assistance requests, which often take months, or uncontrollable delays from other agencies in parallel investigations;
- Listing constraints; all DPAs must meet with judicial approval, and well publicised delays to accessing court time may again push back timetables.
The ambitious timelines set out may therefore not reflect the practical reality for companies wishing to access a swift resolution.
Why now?
The guidance comes in the context of a decrease in self-reports to the agency, and with the SFO’s last DPA concluded almost 4 years ago, in the summer of 2021.
It is also published deliberately in advance of the availability of the new ‘failure to prevent fraud’ offence coming into effect in September this year under s.199 of the Economic Crime and Corporate Transparency Act (ECCTA), where strict liability offending will become available to the agency when considering corporate liability and indictments.
Capital Comment:
When the Failure to Prevent Bribery offence came into force under s.7 Bribery Act 2010, the SFO was able to much more easily prosecute, or bring to the table for DPA negotiations, corporates for strict liability offending for bribery committed by their associated persons. This accounted for many charges on the underlying indictments to the SFO’s DPAs over the last decade.
We anticipate the same will happen again with the advent of the Failure to Prevent Fraud offence under ECCTA from September onwards. It will take a while for those first offences to happen, be investigated, and prosecuted or DPAs concluded, but the effects will be immediate for corporates – you are liable from September for the fraudulent or corrupt acts of your associated persons. It is imperative that companies ensure their compliance systems and procedures are up to date so as to minimise risk, but also ensure they may access the ‘reasonable procedures’ defence if necessary.
How can we help?
Our Business Crime & Investigations team is uniquely placed in the market to help your business understand its obligations. We consist of three former SFO officers; two former prosecutors and a forensic accountant investigator, who were previously involved in investigating, prosecuting, and negotiating with companies on the most complex cases of economic crime on behalf of the SFO. This means we understand exactly the mindset the SFO will bring to bear when enforcing the new tools in its arsenal – and how to ensure your company is best placed to handle the challenges ahead – without charging the typical City rates.
We can:
- Conduct internal investigations with speed and precision, helping you get to the heart of the issue, while simultaneously navigating considerations such as whether to self-report suspected wrongdoing to the SFO, and helping you understand the key considerations and attitudes the SFO is likely to have.
- Conduct a risk assessment, giving you an understanding of your business’ individual risk profile and the risk-proportionate measures it needs to put in place to ensure it is protected.
- Train your staff to ensure they understand their responsibilities, and how ECCTA and its new offences will affect them in their day-to-day roles.
- Provide your staff with guidance, including template documents to guide them on ECCTA’s key principles and ensure they are able to recognise ‘red flags’ for economic crime and feel able to escalate concerns.
- Review your current policies and procedures and ensure they’re up to date and ‘ECCTA-ready’.
- Conduct on-going monitoring, to ensure new changes in the landscape are reflected, and any risks or concerns are dealt with promptly.
To receive further information and regular updates from our team, get in touch, or sign up to our Business Crime & Investigations Insights here.
