The SFO’s Corporate Guidance: Another Chapter in the SFO’s Playbook

On 24 April 2025, the UK’s Serious Fraud Office ("SFO") launched its updated External Guidance on Corporate Co-operation and Enforcement in relation to Corporate Criminal Offending (“Corporate Guidance”), cementing a bold approach to enforcement. As noted in our previous client alert, SFO director Nick Ephgrave is focused on a renewed commitment to combatting bribery and fraud. The Corporate Guidance – designed to incentivise self-reporting by making it clear that companies reporting promptly and cooperating fully will (usually) be invited to negotiate a Deferred Prosecution Agreement (“DPA”)[1] rather than face prosecution – forms a key component of Ephgrave’s plans.

In this client alert, we set out four takeaways for companies from the Corporate Guidance.

1. Reporting Obligations 

It is important to note, up front, that there is no general positive obligation under English law to report wrongdoing. Ephgrave has acknowledged that the Corporate Guidance is not legally binding and that corporates may choose to ignore it. Of course, companies operating in various regulated sectors may be obliged to report certain wrongdoing to their regulators, but the Corporate Guidance is concerned with voluntary reporting.

Companies should be aware, when fulfilling a regulatory requirement by reporting to another regulator (even a non-UK regulator), or submitting a Defence Against Money Laundering (“DAML”) to the National Crime Agency (“NCA”)[2], that the information may well make its way to the SFO. And if they have not reported the matter to the SFO, cooperation credit will be impacted. Ephgrave has been clear that companies should report “as soon as [they] have reasonable suspicion”.

2. The Importance of Timing

When deciding whether to report, companies often seek a (near) complete picture of the suspected wrongdoing to inform their assessment of the risks. Acknowledging the reality of corporate decision-making, the SFO accepts that some level of internal investigation may be needed before self-reporting. But it does not define timeframes, and warns against dragging things out beyond “a reasonable time” after the issue came to light.

Ephgrave has suggested that an internal investigation should be limited, noting that “If you need to ask questions just to establish whether, or by whom, an offence is committed, that’s probably okay,” but “as soon as you have reasonable suspicion – it doesn’t have to be ‘beyond reasonable doubt’, doesn’t have to be ‘on the balance of probabilities’, just reasonable suspicion you’ve got some offending going on – that’s the point at which you stop, that’s the point at which you talk to us.”

The “reasonable suspicion” test is a test that Ephgrave, who comes from a strong policing background, is clearly familiar with. It is a test used to justify the exercise of various police powers, including under the Police and Criminal Evidence Act 1984 (“PACE”). For example, when it comes to powers of arrest, the test requires that the officer has a genuine suspicion that an offence has been committed, as well as (objectively) reasonable grounds for holding that suspicion, at the time the power is used[3]. Case law has clarified that “Suspicion arises at or near the starting-point of an investigation of which obtaining the prima facie proof is the end.” [4] This would suggest, therefore, that for the purposes of the Corporate Guidance, the SFO expects a self-report where there is a reasonably held, genuine suspicion that a criminal offence has been committed, and where the corporate has uncovered enough in the internal investigation to justify a fuller investigation. In our view, depending on the nature of the conduct, this may allow for a reasonably substantial internal investigation, sufficient to indicate what criminal offence has been committed and by whom.

3. Self-reporting is Just the First Step

Once a self-report has been made, the corporate is expected to provide genuine cooperation to be invited to negotiate a DPA. From the get-go, companies need to be ready to play on the SFO’s terms to benefit from their self-report. These terms are somewhat made clear in the Corporate Guidance.

First, tactics like forum shopping, delaying disclosure or burying the SFO in data may be seen as uncooperative.

Second, to be considered sufficiently cooperative under the Corporate Guidance, companies are expected to carry out internal investigations in coordination with the SFO, with the SFO being informed in advance of any planned steps in the investigation. It places special emphasis on informing the SFO before conducting internal interviews and refraining from interviewing employees at the SFO’s request. It is not clear how these expectations align with the timing of the initial self-report, and the level of suspicion that a criminal offence has been committed, which as noted above will be fact-specific issues. As ever, the devil will be in the detail of any particular case.

Third, and importantly, in so far as legal professional privilege (“LPP”) is concerned, while the Corporate Guidance maintains the position that companies will not be penalised for valid claims of LPP over relevant material, it also provides that it "consider[s] a waiver of legal professional privilege to be a significant co-operative act [that] can help expedite matters". A voluntary waiver of privilege over a privileged interview record will "weigh strongly in favour of co-operation". For any company dealing with multiple regulators in multiple jurisdictions, or a risk of parallel or follow-on civil litigation, careful thought will need to be given to issues arising from (partial) waiver of LPP.

4. Resolution After Self-reporting

While the Corporate Guidance does not rule out a DPA in cases where companies have not self-reported, and while self-reporting is no guarantee of a DPA, aligning with the Corporate Guidance is the surest path towards one.

A company that uncovers wrongdoing often faces a years-long journey to resolution, creating instability and uncertainty for companies. Business As Usual in the face of invasive investigative orders and extensive legal spend is challenging. Clarity and some sense of certainty can make all the difference. In an effort to provide some of this, the Corporate Guidance clarifies that the SFO will aim to contact companies within 48 business hours of receiving a self-report and will decide whether to open an investigation within six months of the report. The SFO also said it will conclude investigations within a “reasonably prompt time frame” and aim to finalise DPA negotiations within six months of inviting a company to negotiate. While the overall length of a “reasonably prompt” investigation remains uncertain, companies now have a clearer understanding of what the process may involve.

Wider context

The new Corporate Guidance may incentivise companies to self-report, but it should not be viewed in isolation. It forms part of the SFO’s wider approach to aggressively pursue corporate wrongdoing. This includes a sincere appetite to enforce the Failure to Prevent Fraud offence coming into force in September, a focus on the newly enacted senior management regime to more easily establish corporate criminal liability and a commitment to join forces with the Swiss and French authorities as part of a new investigative and prosecutorial taskforce. Companies considering their options in the context of alleged financial misconduct must do so with an eye to the SFO’s wider enforcement landscape.

[1] DPAs are agreements between the SFO and a company where the SFO suspends criminal charges against a company, provided the company meets certain conditions.

[2] Where a company has a suspicion that property is the proceeds of crime, and it risks committing money laundering by dealing with it, it can request a DAML from the NCA. A company does not commit money laundering if it receives a DAML from the NCA.

[3] O’Hara -v- Chief Constable of the Royal Ulster Constabulary [1997] AC 286

[4] Hussien v Chong Fook Kam [1970] AC 942

Footnotes

[1] DPAs are agreements between the SFO and a company where the SFO suspends criminal charges against a company, provided the company meets certain conditions.

[2] Where a company has a suspicion that property is the proceeds of crime, and it risks committing money laundering by dealing with it, it can request a DAML from the NCA. A company does not commit money laundering if it receives a DAML from the NCA.

[3] O’Hara -v- Chief Constable of the Royal Ulster Constabulary [1997] AC 286

[4] Hussien v Chong Fook Kam [1970] AC 942

Related Locations

© 2026 Jenner & Block LLP. Attorney Advertising. Jenner & Block LLP is an Illinois Limited Liability Partnership including professional corporations. This publication, presentation, or event is not intended to provide legal advice but to provide information on legal matters and/or firm news of interest to our clients and colleagues. Readers or attendees should seek specific legal advice before taking any action with respect to matters mentioned in this publication or at this event. The attorney responsible for this communication is Brent E. Kidwell, Jenner & Block LLP, 353 N. Clark Street, Chicago, IL 60654-3456. Prior results do not guarantee a similar outcome. Jenner & Block London LLP, an affiliate of Jenner & Block LLP, is a limited liability partnership established under the laws of the State of Delaware, USA and is authorised and regulated by the Solicitors Regulation Authority with SRA number 615729. Information regarding the data we collect and the rights you have over your data can be found in our Privacy Notice. For further inquiries, please contact dataprotection@jenner.com.

The SFO’s Corporate Guidance: Another Chapter in the SFO’s Playbook

On 24 April 2025, the UK’s Serious Fraud Office ("SFO") launched its updated External Guidance on Corporate Co-operation and Enforcement in relation to Corporate Criminal Offending (“Corporate Guidance”), cementing a bold approach to enforcement. As noted in our previous client alert, SFO director Nick Ephgrave is focused on a renewed commitment to combatting bribery and fraud. The Corporate Guidance – designed to incentivise self-reporting by making it clear that companies reporting promptly and cooperating fully will (usually) be invited to negotiate a Deferred Prosecution Agreement (“DPA”)[1] rather than face prosecution – forms a key component of Ephgrave’s plans.

In this client alert, we set out four takeaways for companies from the Corporate Guidance.

1. Reporting Obligations 

It is important to note, up front, that there is no general positive obligation under English law to report wrongdoing. Ephgrave has acknowledged that the Corporate Guidance is not legally binding and that corporates may choose to ignore it. Of course, companies operating in various regulated sectors may be obliged to report certain wrongdoing to their regulators, but the Corporate Guidance is concerned with voluntary reporting.

Companies should be aware, when fulfilling a regulatory requirement by reporting to another regulator (even a non-UK regulator), or submitting a Defence Against Money Laundering (“DAML”) to the National Crime Agency (“NCA”)[2], that the information may well make its way to the SFO. And if they have not reported the matter to the SFO, cooperation credit will be impacted. Ephgrave has been clear that companies should report “as soon as [they] have reasonable suspicion”.

2. The Importance of Timing

When deciding whether to report, companies often seek a (near) complete picture of the suspected wrongdoing to inform their assessment of the risks. Acknowledging the reality of corporate decision-making, the SFO accepts that some level of internal investigation may be needed before self-reporting. But it does not define timeframes, and warns against dragging things out beyond “a reasonable time” after the issue came to light.

Ephgrave has suggested that an internal investigation should be limited, noting that “If you need to ask questions just to establish whether, or by whom, an offence is committed, that’s probably okay,” but “as soon as you have reasonable suspicion – it doesn’t have to be ‘beyond reasonable doubt’, doesn’t have to be ‘on the balance of probabilities’, just reasonable suspicion you’ve got some offending going on – that’s the point at which you stop, that’s the point at which you talk to us.”

The “reasonable suspicion” test is a test that Ephgrave, who comes from a strong policing background, is clearly familiar with. It is a test used to justify the exercise of various police powers, including under the Police and Criminal Evidence Act 1984 (“PACE”). For example, when it comes to powers of arrest, the test requires that the officer has a genuine suspicion that an offence has been committed, as well as (objectively) reasonable grounds for holding that suspicion, at the time the power is used[3]. Case law has clarified that “Suspicion arises at or near the starting-point of an investigation of which obtaining the prima facie proof is the end.” [4] This would suggest, therefore, that for the purposes of the Corporate Guidance, the SFO expects a self-report where there is a reasonably held, genuine suspicion that a criminal offence has been committed, and where the corporate has uncovered enough in the internal investigation to justify a fuller investigation. In our view, depending on the nature of the conduct, this may allow for a reasonably substantial internal investigation, sufficient to indicate what criminal offence has been committed and by whom.

3. Self-reporting is Just the First Step

Once a self-report has been made, the corporate is expected to provide genuine cooperation to be invited to negotiate a DPA. From the get-go, companies need to be ready to play on the SFO’s terms to benefit from their self-report. These terms are somewhat made clear in the Corporate Guidance.

First, tactics like forum shopping, delaying disclosure or burying the SFO in data may be seen as uncooperative.

Second, to be considered sufficiently cooperative under the Corporate Guidance, companies are expected to carry out internal investigations in coordination with the SFO, with the SFO being informed in advance of any planned steps in the investigation. It places special emphasis on informing the SFO before conducting internal interviews and refraining from interviewing employees at the SFO’s request. It is not clear how these expectations align with the timing of the initial self-report, and the level of suspicion that a criminal offence has been committed, which as noted above will be fact-specific issues. As ever, the devil will be in the detail of any particular case.

Third, and importantly, in so far as legal professional privilege (“LPP”) is concerned, while the Corporate Guidance maintains the position that companies will not be penalised for valid claims of LPP over relevant material, it also provides that it "consider[s] a waiver of legal professional privilege to be a significant co-operative act [that] can help expedite matters". A voluntary waiver of privilege over a privileged interview record will "weigh strongly in favour of co-operation". For any company dealing with multiple regulators in multiple jurisdictions, or a risk of parallel or follow-on civil litigation, careful thought will need to be given to issues arising from (partial) waiver of LPP.

4. Resolution After Self-reporting

While the Corporate Guidance does not rule out a DPA in cases where companies have not self-reported, and while self-reporting is no guarantee of a DPA, aligning with the Corporate Guidance is the surest path towards one.

A company that uncovers wrongdoing often faces a years-long journey to resolution, creating instability and uncertainty for companies. Business As Usual in the face of invasive investigative orders and extensive legal spend is challenging. Clarity and some sense of certainty can make all the difference. In an effort to provide some of this, the Corporate Guidance clarifies that the SFO will aim to contact companies within 48 business hours of receiving a self-report and will decide whether to open an investigation within six months of the report. The SFO also said it will conclude investigations within a “reasonably prompt time frame” and aim to finalise DPA negotiations within six months of inviting a company to negotiate. While the overall length of a “reasonably prompt” investigation remains uncertain, companies now have a clearer understanding of what the process may involve.

Wider context

The new Corporate Guidance may incentivise companies to self-report, but it should not be viewed in isolation. It forms part of the SFO’s wider approach to aggressively pursue corporate wrongdoing. This includes a sincere appetite to enforce the Failure to Prevent Fraud offence coming into force in September, a focus on the newly enacted senior management regime to more easily establish corporate criminal liability and a commitment to join forces with the Swiss and French authorities as part of a new investigative and prosecutorial taskforce. Companies considering their options in the context of alleged financial misconduct must do so with an eye to the SFO’s wider enforcement landscape.

[1] DPAs are agreements between the SFO and a company where the SFO suspends criminal charges against a company, provided the company meets certain conditions.

[2] Where a company has a suspicion that property is the proceeds of crime, and it risks committing money laundering by dealing with it, it can request a DAML from the NCA. A company does not commit money laundering if it receives a DAML from the NCA.

[3] O’Hara -v- Chief Constable of the Royal Ulster Constabulary [1997] AC 286

[4] Hussien v Chong Fook Kam [1970] AC 942

Footnotes

[1] DPAs are agreements between the SFO and a company where the SFO suspends criminal charges against a company, provided the company meets certain conditions.

[2] Where a company has a suspicion that property is the proceeds of crime, and it risks committing money laundering by dealing with it, it can request a DAML from the NCA. A company does not commit money laundering if it receives a DAML from the NCA.

[3] O’Hara -v- Chief Constable of the Royal Ulster Constabulary [1997] AC 286

[4] Hussien v Chong Fook Kam [1970] AC 942

Related Locations

© 2026 Jenner & Block LLP. Attorney Advertising. Jenner & Block LLP is an Illinois Limited Liability Partnership including professional corporations. This publication, presentation, or event is not intended to provide legal advice but to provide information on legal matters and/or firm news of interest to our clients and colleagues. Readers or attendees should seek specific legal advice before taking any action with respect to matters mentioned in this publication or at this event. The attorney responsible for this communication is Brent E. Kidwell, Jenner & Block LLP, 353 N. Clark Street, Chicago, IL 60654-3456. Prior results do not guarantee a similar outcome. Jenner & Block London LLP, an affiliate of Jenner & Block LLP, is a limited liability partnership established under the laws of the State of Delaware, USA and is authorised and regulated by the Solicitors Regulation Authority with SRA number 615729. Information regarding the data we collect and the rights you have over your data can be found in our Privacy Notice. For further inquiries, please contact dataprotection@jenner.com.

News and Insights

Podcasts

Partner Laurel Loomis Rimon Discusses Fintech Enforcement, Debanking, and Regulatory Risk on Fintech Layer Cake Podcast

Partner Laurel Loomis Rimon was featured on the Fintech Layer Cake podcast, where she discussed how fintech enforcement and prosecution actually work in practice, and what exposes fintechs and banks to regulatory risk.

July 15, 2026

Publications

Supreme Court Clarifies Scope of Private Rights of Action Under the Investment Company Act, Private Equity Law Report

Partners Charles Riely, Todd C. Toral, and Martin Glass authored a guest article for Private Equity Law Report examining the US Supreme Court's June 11, 2026, ruling on the scope of private rights of action under the Investment Company Act of 1940.

July 14, 2026

Publications

Emily Loeb Discusses Congressional Oversight Preparedness in Bloomberg Law

Partner Emily Loeb, co-chair of Jenner & Block's Congressional Investigations Practice, spoke with Bloomberg Law article about how companies can prepare for potential oversight exposure ahead of this fall's midterm elections.

July 7, 2026

Publications

In New York Law Journal, The True Lender Doctrine and the OppFi Decision

Partners Jeremy Creelan, Michael Ross, Megan Poetzel, and Laurel Loomis Rimon, and Associate Molly Oberstein-Allen authored an article for the New York Law Journal examining the "True Lender" doctrine in light of a May 2026 California decision that provides the most detailed judicial framework to date for evaluating bank-nonbank lending partnerships.

July 1, 2026

Event

Partner Michael Vernick to Speak at NACUA's 2026 Annual Conference

On July 1, Partner Michael Vernick will speak on a panel at the National Association of College and University Attorneys (NACUA) 2026 Annual Conference in Nashville.

July 1, 2026