New SFO compliance guidance: from paper to practice

New SFO compliance guidance: from paper to practice

GoodBlog | read time: 3 min

Published: 27 January 2026

In keeping with the recent reform of corporate criminal liability under the Economic Crime and Corporate Transparency Act (ECCTA), the UK Serious Fraud Office (SFO) has recently published updated Guidance on Evaluating Corporate Compliance Programmes. This guidance emphasises the need for companies to have effective and robust compliance programmes which translate paper into practice.  

Why the SFO may need to evaluate an organisation’s compliance programme

The new guidance follows the joint publication in August by the SFO and CPS (Crown Prosecution Service) of updated Corporate Prosecution Guidance. This explains the considerations which the SFO and Crown Prosecutors are expected to make when completing a Full Code Test, which is a two-part assessment of whether there is both an evidential basis and a public interest basis for deciding to prosecute a corporate offender. 

An important part of both tests, set out in the Corporate Prosecution Guidance, is the evaluation of an offender’s compliance programme. The SFO may decide not to pursue a prosecution based on evidence that an organisation has reasonable procedures in place to prevent offences and/or an effective compliance programme supported by a management team which takes a proactive approach to compliance.  

The new guidance references this case and five other scenarios where the SFO may need to evaluate an organisation’s compliance programme. This is where the SFO could be considering: a Deferred Prosecution Agreement (DPA); whether to include compliance terms and/or a monitorship as part of a DPA; whether an organisation has adequate anti-bribery procedures as per the UK Bribery Act; whether an organisation has fraud prevention procedures as per the ECCTA; or as part of an assessment of an organisation’s compliance systems for sentencing in line with Sentencing Council Guidelines.  

What the SFO expects of compliance programmes

The new guidance’s FAQ section provides welcome clarity on what the SFO expects from compliance programmes in practice. It emphasises that because compliance arrangements vary by organisation’s scope, the SFO does not have a formal interpretation or definition of what constitutes adequate or reasonable procedures. Instead, compliance programmes will be assessed on an individual basis and based on how policies and procedures translate into conduct on the ground.  

The SFO expects compliance programmes to be more than a ‘paper exercise’, with the guidance emphasising that organisations should regularly review their programmes to ensure that they remain specific, proportionate and effective. The SFO points to the value of using external sources to help determine what may constitute an effective compliance programme, also noting that organisations with US or French links may be assisted by drawing on Department of Justice (DOJ) and Agence Française Anticorruption (AFA) guidelines. 

 How the SFO will evaluate compliance

In practical terms, the FAQ section also explains the tools which the SFO would use to evaluate the effectiveness of a compliance programme. It would focus on outputs, gathering information from voluntary disclosures and interviews, questions put directly to the organisation, witness interviews and disclosure documents or information compelled using investigative powers under the Criminal Justice Act, and suspect interviews under the Police and Criminal Evidence Act.   

The GoodCorporation view

The guidance explains the SFO’s expectations for organisations’ compliance programmes to be thorough, effective, and responsive to regular review. It also adds clarity to organisations’ understanding of the frameworks that the authorities are using for assessing alleged corporate offending under the Economic Crime and Corporate Transparency Act (ECCTA), the Bribery Act, the Criminal Finances Act, and the Companies Act.  

The UK Government also recently published a new and long-awaited anti-corruption strategy, where it made commitments to expand the SFO’s crime prevention capabilities and strengthen incentives for corporates to self-report. 

Reading the new publications in conjunction, the case for strong compliance programmes is clear. Now is an important time for organisations to show proactivity by reviewing their compliance programmes against the principles highlighted in the guidance.  

How GoodCorporation can help

GoodCorporation is well equipped to help organisations determine what may constitute and develop an adequate, reasonable and effective compliance programme. We have extensive experience independently designing, building, embedding and assessing programmes in line with the standards expected by the SFO, AFA, DOJ and global best practice.  

work with us