Introduction
The Serious Fraud Office (SFO) published an updated guidance on evaluating compliance programmes on November 26, 2025, solidifying a “refreshed approach” to corporate cooperation. The Guidance is particularly relevant as it outlines how “reasonable procedures” will be assessed under the new Failure to Prevent Fraud (FTPF) offence. The SFO’s updated position emphasizes demonstrable action over documentation.
Key Takeaways
Proof of Practical Effectiveness is Paramount
The SFO explicitly states that policies are not enough; the compliance programme must work in practice. The focus is shifting from “paper programs” to evidence of “conduct on the ground.” Organisations must anticipate scrutiny of implementation, including training records, audit trails, testing results, and evidence of escalation and remediation. Furthermore, anti-circumvention measures, such as approval processes and periodic audits, are highlighted as essential to ensure genuine effectiveness.
Programmes Must Be Tailored to Risk
There are no fixed expectations, as compliance arrangements must be specific to the size, nature, and unique risks of the organization. The SFO acknowledges that arrangements vary widely, but stresses that the emphasis is on ensuring the programme is effective for that particular organization and the field in which it operates. Even small organizations are expected to have some form of compliance framework in place.
Compliance Is a Strategic Factor in Charging Decisions
Having an effective compliance programme is not just a defence; it is a critical factor assessed by the SFO at every stage of an investigation. It influences whether prosecution is in the public interest, the terms of a DPA, or acts as a mitigating factor in sentencing. Following the overhaul of the corporate attribution principle, a strong programme is now even more critical at the investigative stage to influence a decision not to charge a company facing a ‘direct’ criminal offence.
Anticipate Early and Rigorous SFO Investigation
The SFO will assess the compliance programme early in an investigation and will use its full powers to do so. The SFO will deploy investigatory tools, including Section 2 compelled requests and interviews, to obtain evidence. Consequently, companies must be prepared to produce proof of operational effectiveness, not just policy documents. This requires maintaining structured and readily-disclosable records of compliance activities to withstand the expected level of scrutiny.
Conclusion
The updated SFO Guidance marks a significant and definitive move toward a results-oriented, demonstrable standard for corporate compliance. The era of box-ticking and static documentation is over. Companies must now prioritize continuous operational effectiveness, rigorous record-keeping, and the tailoring of their compliance programs to their specific risk environments. Ultimately, an effective and well-documented program is no longer a luxury, but a strategic imperative that directly influences the outcome of any potential SFO investigation.
Expositor(s): Adv. Archana Shukla
