In April 2025 – in keeping with the aims set out in its latest business plan – the UK Serious Fraud Office (SFO) issued updated guidance outlining its approach to – and the interplay between - corporate cooperation and the use of Deferred Prosecution Agreements (DPAs). In this article, we provide a summary of this new guidance, highlighting its key features as well as considering the question of whether it really moves the dial on how corporates are likely to approach the discovery of wrongdoing.
What is a Deferred Prosecution Agreement?
DPAs were made possible by section 45 and schedule 17 of the Crime and Courts Act 2013. These provisions set out the framework pursuant to which a prosecutor may negotiate with a defendant corporation to comply with certain requirements, in exchange for the suspension of a proposed prosecution. Such agreements are initiated by way of application to the High Court by the prosecutor that considers it to be in the interests of justice for such an agreement to be reached. Following an initial application and further negotiations, a further, substantive hearing takes place with a view to the agreement being ratified by the Court. As set out in the DPA Code of Practice, it has always been the position that "considerable weight may be given to a genuinely proactive approach adopted by…management team[s] when the offending is brought to their notice…".
What constitutes genuine cooperation?
The guidance states that corporates must go 'above and beyond' what the law requires, indicating that full compliance with legal obligations will not be sufficient. It is considered to be a proactive, transparent, and sustained effort by a corporate to assist the SFO in its investigation. Key elements may include:
- Prompt self-reporting of suspected wrongdoing
- Full, frank, and timely disclosure of relevant facts, including those that may be damaging
- Facilitating access to witnesses, including current and former employees
- Voluntary waiver of legal privilege over internal investigation materials
- Collecting and identifying documents and information likely to be relevant to the investigation, wherever held
- Sustained cooperation throughout the investigation and any subsequent legal proceedings
Conversely, the SFO also outlines behaviours that may be considered uncooperative and weigh against the offer of a DPA. These include "forum shopping", where a corporate may report the same wrongdoing in other jurisdictions for "strategic reasons", as well as tactical delays in providing relevant material.
It takes two…
With only a small number of DPAs having been agreed in the UK since 2013 (13 in total, 11 with the SFO), many feel that by seeking to drill down further into what constitutes genuine cooperation, the SFO is attempting to encourage a greater number of self-reports. In a similar vein, it is providing additional clarity on how the SFO will seek to progress any self-reports it does receive and any subsequent investigations or DPA negotiations. The SFO says it will seek to:
- Contact a self-reporting corporate within 48 business hours of a self-report or other initial contact
- Regularly update a self-reporting corporate throughout the process
- Decide whether or not to open an investigation within six months of a self-report
- Conclude an investigation within a reasonably prompt time frame
- Conclude DPA negotiations within six months of sending an invite
The above timetable provides the SFO with a not insignificant amount of room, should it not be in a position to keep to it. However, the increased clarity on this intended approach to timing will nevertheless be welcomed by cooperative, would-be self-reporting corporates and their advisers.
Outlook
Corporate criminal liability in the UK is changing, with significant legislative changes brought about by the Economic Crime and Corporate Transparency Act 2023. These changes include the modification of the identification doctrine, and the introduction of a new corporate criminal offence of failure to prevent fraud. Please see our prior article for more on these changes.
As corporates seek to update their compliance programmes and consider the fraud risk posed by their supply chains, in time for September (when the 'failure to prevent fraud' offence comes into force), the issuing of this updated guidance may serve as a timely 'nudge' to internal compliance teams and legal advisers. It is possible that – in turn - there will be a steady increase in the number of self-reports finding their way into the SFO's inbox, but it will take some time before any noticeable up-tick in the number of DPAs.
