Blog

SFO Updates Compliance Guidance as UK Moves Toward Whistleblower Incentives

by CBIA Team

Updated December 07, 2025

Feature image — CBIA thanks Tima Miroshnichenko for the photo

The UK’s Serious Fraud Office has issued refreshed guidance on how it evaluates corporate compliance programmes, expanding its scope to cover the new “failure to prevent fraud” offence and emphasizing practical effectiveness over paper policies. The update comes as UK enforcement agencies, led by HM Revenue & Customs, begin implementing financial incentives for whistleblowers in a move that could reshape corporate accountability in Britain.

Background and Context

The new guidance, released in 2025, replaces the SFO’s 2020 framework and reflects the evolving landscape of corporate criminal liability in the UK. It now explicitly addresses both the Bribery Act 2010 and the Economic Crime and Corporate Transparency Act 2023 (ECCTA), which introduced the corporate offence of “failure to prevent fraud.” According to the SFO, the updated document aims to provide clearer expectations for organizations facing investigation or prosecution.

The shift aligns with broader international trends, as referenced in the guidance, citing standards from the US Department of Justice and France’s AFA. This global benchmarking underscores the UK’s effort to harmonize its enforcement approach with leading jurisdictions.

Key Changes and Expectations

The 2025 guidance introduces several notable changes from its predecessor. While the 2020 version focused primarily on bribery prevention, the new framework applies to a wider range of corporate offences, including fraud. It stresses that compliance programmes must be genuinely effective in practice, not merely on paper. The SFO warns that policies alone are insufficient and will scrutinize how compliance is embedded in corporate culture and daily operations.

The guidance adopts the Ministry of Justice’s six principles for compliance: top-level commitment, risk assessment, proportionate procedures, due diligence, communication (including training), and ongoing monitoring. A new FAQ section clarifies that isolated compliance failures do not automatically render a programme ineffective, but organizations must demonstrate robust systems against circumvention.

The SFO also emphasizes its intent to “dig behind generalities” and “challenge high-level assertions,” gathering information from multiple sources to assess compliance effectiveness. This approach mirrors the agency’s recent corporate cooperation guidance, which rewards transparency and substantive evidence over superficial compliance.

Legal and Financial Mechanisms

The guidance outlines six scenarios where compliance effectiveness will be assessed: prosecution decisions, deferred prosecution agreements (DPAs), DPA terms and monitorships, statutory defenses for bribery and fraud, and sentencing. By linking compliance to these critical junctures, the SFO signals a tougher enforcement environment where demonstrable, risk-based programmes are essential.

The SFO’s holistic assessment means there are “no preordained answers” to guarantee an effective compliance rating. Instead, it will consider each organization’s unique circumstances, reinforcing the need for tailored, regularly reviewed programmes.

International Implications and Policy Response

The updated guidance reflects growing international pressure for corporate accountability, particularly as the UK expands its liability framework. The inclusion of the ECCTA’s “reasonable procedures” defense for fraud marks a significant shift, bringing the UK closer to jurisdictions like the U.S., where corporate liability for financial crimes is more established.

Meanwhile, the UK is moving toward incentivizing whistleblowers. HMRC recently announced financial rewards of up to 30% of tax collected for tips on serious tax evasion or avoidance, provided the recovery exceeds £1.5 million. The SFO has long advocated for such incentives, citing the personal risks whistleblowers face. While implementation remains in its infancy, HMRC’s discretionary scheme could pave the way for broader adoption across UK enforcement bodies.

These developments align the UK more closely with the U.S. model, where agencies regularly award substantial incentives for whistleblowing. However, the UK’s approach remains cautious, with payouts at HMRC’s discretion and no guaranteed rewards.