Serious Fraud Office

A new offence of failure to prevent fraud (FTPF) came into force in September 2025. Large organisations now face unlimited fines if they fail to prevent fraud by associated persons, unless they have “reasonable” fraud-prevention policies and procedures in place. (A ‘large organisation’ is one that meets at least two of three criteria: over 250 employees, turnover over £36m, and assets worth over £18m. These criteria apply to the whole organisation – so the small UK subsidiary of a larger business could be in scope.) FTPF spans seven distinct fraud offences and captures even indirect benefits, making its scope far wider than that of the Bribery Act 2010 and its compliance burden heavier. The SFO’s enforcement priorities are thus expected to broaden, extending beyond industries traditionally associated with bribery and corruption risks.

The new year will see many businesses reviewing their compliance procedures after the SFO’s recent updates to its guidance on when, why and how it will evaluate compliance regimes. The guidance outlines the six scenarios in which the SFO may need to evaluate an organisation’s compliance programme – one being to determine whether an organisation has a defence of ‘reasonable procedures’ to a charge of failure to prevent fraud. It makes clear that having policies, procedures and controls in place does not automatically mean a compliance programme is effective. Instead, the SFO’s “holistic” assessment of a compliance programme will be “based on the organisation’s individual circumstances,” and will “seek to get behind the pronouncements and determine how policies and procedures translate into conduct on the ground.”

ECCTA replaced the historic 'directing mind and will' test for corporate prosecutions – which required criminal conduct at the most senior corporate level – with strict liability for companies when 30 specified economic crimes are committed by senior managers acting within their actual or apparent authority. These offences include bribery and fraud. Where these offences are committed by senior managers of companies, neither of the policies and procedures-related defences open to corporates under the failure to prevent offences in the Bribery Act or ECCTA will be available – although the updated SFO-CPS guidance says that prosecutors will consider the robustness of compliance programmes when deciding whether prosecution is in the public interest.

The Crime and Policing Bill currently before parliament would extend this principle to all criminal offences, a major shift in corporate liability. If enacted, the SFO would be able to pursue a broader range of corporate wrongdoing, with direct corporate liability adding complexity that brings cases within its statutory remit to investigate and prosecute serious or complex fraud. Economic and quasi-economic crimes – such as insider dealing, misleading financial statements, concealment of liabilities, failure to disclose material information, or cyber-enabled economic crime like hacking, ransomware, or data manipulation – have traditionally been difficult to attribute to a company’s directing mind and were usually prosecuted only against individuals. Under the new regime, these offences could be prosecuted directly against companies.

The SFO has developed a ‘dedicated crypto cadre’, increasing its ability to respond to the use of crypto assets. It recently raided premises and arrested individuals in its first major investigation into crypto-related fraud. It is also looking increasingly at how cryptocurrency can be used to hide profits, and has begun using ‘crypto wallet freezing orders’ to freeze and recover crypto assets. Businesses using crypto should expect greater scrutiny and may wish to review their compliance programmes.

Under Nick Ephgrave, the SFO has pushed for whistleblower incentivisation reform. Its 2024-2025 Annual Report reported 167 whistleblowing disclosures. The recent turbocharging of HMRC’s reward scheme for those reporting tax avoidance or evasion is significant, and it would be no surprise to see the SFO launch an enhanced programme for whistleblowers during 2026.