Corporates that promptly self-report suspected criminal conduct and go on to demonstrate genuine cooperation with the SFO will be invited into DPA negotiations, unless exceptional circumstances apply
On 24 April, the SFO published new final guidance on its expectations around corporate cooperation and the knock-on effects on enforcement in relation to corporate criminal offending. The guidance details the SFO's key considerations under the public interest stage of the test used by Crown prosecutors when deciding whether or not to invite a corporate into deferred prosecution agreement ("DPA") negotiations. The key benefit of an invitation is that a corporate may avoid prosecution should it agree to and meet certain requirements set out in the DPA (e.g. payment of fines and implementation of specified compliance programme enhancements).
The guidance signifies a renewed SFO commitment both to DPAs as a form of corporate criminal justice and to actively encouraging self-reporting as compared to the earlier 2019 guidance. It also provides corporates with some greater (and welcome) certainty around the DPA process generally as well as additional details on the behaviours the SFO expects from corporates hoping to be invited into the process. Key points from the guidance include:
Self-reporting and cooperation
The new guidance places even more of an emphasis on the importance of self-reporting and cooperation than previous guidance (available here and here). The key aspect of the guidance is the new starting position that "if a corporate self-reports promptly to the SFO and co-operates fully", they will be invited to negotiate a DPA unless (unspecified) exceptional circumstances apply. It remains to be seen what practical difference this will make to self-reporting decisions, but it is a significant departure from the old guidance. It appears to establish a presumption that a self-reporting corporate will be entitled to a DPA invitation, rather than that corporate having to justify this within the framework set out in the DPA Code.
However, the SFO is clear that having self-reported and being cooperative throughout its investigation process are not one and the same:
"A self-reporting corporate must go on to provide genuine co-operation to be eligible to be invited to negotiate a DPA.
Conversely, a corporate which does not self-report can provide exemplary co-operation with our investigation to become eligible to be invited to negotiate a DPA."
Cooperative vs uncooperative behaviours
The new guidance does list examples of behaviours that it considers indicative of a "fully cooperative" corporate, but these either replicate behaviours that have been published in previous guidance or are extensions of them. By way of example, concerning the issue of data identification and collection, the SFO states that the following steps will likely be assessed as exemplary examples of cooperation (all of which have been communicated in some form or another in previous guidance):
preserving relevant digital and hard copy materials promptly and proactively;
providing a list of relevant document custodians and the location of the material;
identifying and/or producing relevant overseas documents within the control of the corporate;
identifying potentially relevant third-party material; and
providing translations of relevant foreign language documents.
The SFO also restates its assertions from previous guidance that: (i) tactically delaying providing information; (ii) obfuscating the involvement of certain individuals or trying to minimise the full extent of the suspected offending; and (iii) overloading the SFO's investigation by providing unnecessarily large amounts of documents all continue to be examples of uncooperative behaviour. Interestingly, the guidance has added to this list the following new factors:
unnecessary "forum shopping" (i.e. reporting offending to alternative jurisdictions for strategic reasons); and
seeking to exploit differences between international law enforcement agencies or legal systems.
It is unclear the extent to which the above factors have been added to the guidance on account of the divergence in anti-corruption enforcement posture between the UK and USA following the Trump Administration's pause on FCPA enforcement. However the fact of its inclusion, does reiterate recent statements by Nick Ephgrave emphasising the SFO's "appetite" to pursue investigations in the UK which may otherwise be impacted by the current US Administration's pause on FCPA enforcement1. However, any company considering self-reporting corruption or serious fraud offending to enforcement or a regulator in another jurisdiction, rather than the SFO, must now consider the risk that the SFO might consider that to be indicative of a lack of cooperation if the conduct has a UK nexus.
Timeframes
The new guidance commits the SFO to more specific timeframes for the various phases of the DPA process, specifically, the SFO will "seek" to:
contact a self-reporting corporate within 48 business hours of a self-report;
decide whether to open an investigation within six months of a self-report;
conclude an investigation within a "reasonably prompt" time frame; and
conclude DPA negotiations within six months of sending an invite - the reference to "negotiations" appears to intentionally exclude the process of a Court approving the DPA once negotiations have concluded from the six-month timeframe.
Naturally, the SFO has been circumspect in the language used, ensuring that its commitments are caveated. However, given that the scale, jurisdictional scope and investigative steps required by an investigation can vary dramatically, it is hard to see how the SFO can provide much more of a granular template timeframe. In providing actual benchmark timeframes (except for the "reasonably prompt" investigation phrase), the SFO has looked to provide a level of transparency to corporates as to what they can expect during the DPA process as well as providing a means of holding itself to account.
Legal professional privilege
The guidance largely restates the SFO's position from previous guidance on legal professional privilege ("LPP"). This includes the seemingly incongruous statements that: (i) a corporate which maintains a valid claim of LPP over relevant material will not be penalised for doing so; and (ii) the SFO will consider a waiver of LPP to be a significant cooperative act and it can help expedite matters. However, the removal of the expectation in previous guidance that privilege claims should be certified by independent counsel and the slight softening in tone may indicate a move towards a more sympathetic approach from the SFO in relation to corporates asserting privilege over relevant investigation materials; or at least an acceptance that this is a difficult area for corporates to navigate.
"Prompt" self-reporting
Whilst the new guidance does provide some welcome clarity, one area of the DPA process that has not clearly been addressed in the guidance is what "prompt" self-reporting looks like in practice.
There are two interconnected parts to determining what constitutes "prompt" self-reporting that have made it difficult for corporates to grapple with previous guidance: (i) what level of knowledge should a corporate have of the alleged criminal conduct before self-reporting; and (ii) what level of internal investigation should be conducted to establish and/or substantiate the relevant facts before doing so.
In relation to point one, the new guidance specifies that a self-report should: "identify all relevant known facts and evidence concerning the suspected offences, the individual(s) involved (both those inside and outside the organisation), and the relevant jurisdiction(s). The information provided to us should enable us to understand the nature and extent of the suspected offending".
In relation to point two, the guidance provides various factors relating to the conduct of internal investigations that will be considered as exemplary cooperation (e.g. refraining from interviewing employees at the SFO's request) - but these are only relevant once a self-report has been made, they do not cover the preliminary stages of an internal investigation into whether certain conduct warrants a self-report.
When reading points one and two together, the SFO appears to recognise that reaching the threshold of enabling the SFO to "understand the nature and extent of the suspected wrongdoing" requires a certain amount of preliminary internal investigation, but it does not address the point at which the company's knowledge of suspected criminal conduct triggers the "prompt" self-report clock -which we suspect will remain a difficult area of debate between corporates, their advisors and the SFO.
1 Comments made by Nick Ephgrave on 3 April 2025 when setting out the SFO’s annual business plan.
.jpg?crop=300,495&format=webply&auto=webp)
