The Serious Fraud Office (SFO) has released a significant piece of guidance: Corporate Co-Operation and Enforcement in relation to Corporate Criminal Offending. It clarifies when and how the SFO will offer corporates the opportunity to negotiate a Deferred Prosecution Agreement (DPA) and outlines what true co-operation looks like. This is what companies should know and do to stay on the right side of the SFO.
The DPA invitation: A matter of cooperation
At the heart of the SFO’s new guidance is a recalibrated approach to Deferred Prosecution Agreements (DPAs). In plain terms, the SFO is now offering a clearer pathway for corporates that act responsibly when wrongdoing is uncovered. If a company promptly self-reports suspected criminal conduct and then fully co-operates with the SFO’s investigation, the agency will invite it to enter DPA negotiations unless there are exceptional reasons not to.
This is a notable evolution. Under the previous DPA Code, the wording was far more discretionary: a prosecutor may begin negotiations. That left companies uncertain about whether good-faith cooperation would actually pay off. Now, there’s a promise. For corporates that step forward early and offer genuine transparency, the door to a DPA is not just open—it’s held ajar.
Importantly, even those that fail to self-report aren’t entirely shut out. The SFO says it will consider a DPA invitation where a company provides exemplary co-operation during the investigation. That’s a high bar as exemplary goes beyond full cooperation, but it signals that redemption is still possible for those who didn’t act swiftly, provided they go above and beyond once the SFO is involved.
In effect, the guidance codifies a two-track route to leniency:
- Prompt self-reporting + full cooperation = invitation to negotiate a DPA, barring exceptional circumstances
- No self-reporting + exemplary cooperation = possible invitation
Either way, the message is unmistakable: silence and obstruction are not viable strategies. Co-operation isn’t just encouraged, but it will be the price of admission to a more favourable outcome.
Self-reporting: More than a tick-box exercise
For a corporate self-report to carry weight with the SFO, it must do more than simply satisfy regulatory obligations. Not all disclosures count. For example, submitting a Suspicious Activity Report (SAR) to the NCA or filing under PRIN 11 to the FCA won’t qualify as a self-report in the SFO’s eyes unless the SFO is informed at the same time or immediately thereafter. Simply put, if the SFO isn’t in the loop, the credit for disclosure doesn’t follow.
To do it properly, a company must go directly to the SFO’s Intelligence Division. That report should lay out the full picture: the suspected offences, the individuals involved, the jurisdictions concerned, and the location and status of any key evidence. The more detailed and candid the disclosure, the stronger the foundation for any future engagement.
The SFO has also committed to a timeline that reflects the seriousness of the gesture. It will seek to:
- Acknowledge a self-report within 48 business hours
- Decide on opening an investigation within six months
- Conclude DPA negotiations within six months of issuing an invitation
These benchmarks provide welcome clarity and predictability. For corporates weighing the risk of disclosure, the message is that stepping forward not only strengthens your position but triggers a structured, time-bound response. In short, the SFO wants to meet good faith with good process.
What “cooperation” really means
The SFO expects actions that go beyond mere legal compliance. These include:
- Proactively preserving all evidence
- Identifying and sharing relevant material, custodians, and overseas documents
- Informing the SFO of disciplinary actions, personnel changes, and compliance improvements
- Granting access to employees and supporting interviews
Internal investigations must also follow SFO-compatible protocols:
- Engage early with the SFO before launching
- Provide updates and avoid prejudicing the SFO’s own investigation
- Share non-privileged interview records—or waive privilege to gain credit
Privilege: The longstanding tension
The SFO continues to walk a fine line when it comes to legal professional privilege (LPP). On one hand, it explicitly states that a company will not be penalised for asserting a valid claim of privilege. On the other hand, it makes equally clear that waiving that privilege is seen as a significant act of cooperation, one that can help accelerate investigations and tilt the balance in favour of a DPA.
This position may seem contradictory. Companies are told they are free to protect privileged material, yet they are also encouraged to give it up if they want to demonstrate full transparency. The result is a framework that remains logically inconsistent, but it is at least a consistent inconsistency. Corporates have faced this ambiguity for over a decade, and the latest guidance does little to resolve the tension—only to reinforce the idea that privilege, while respected, is always up for negotiation.
- Maintaining LPP won’t be penalised
- Waiving it earns co-operation points
What NOT to do: Uncooperative conduct
Corporates should avoid:
- “Forum shopping” by reporting to other jurisdictions strategically
- Overwhelming the SFO with irrelevant or excessive material
- Obfuscating facts or delaying disclosure
- Exploiting international legal differences to avoid scrutiny
Providing unnecessarily large volumes of data, for example, is specifically flagged as obstructive, not helpful.
Final Takeaway: Cooperation is key
The SFO’s stance boils down to this:
Transparency, timeliness, and thoroughness are your best defences.
Need help preparing your compliance team? VinciWorks’ anti-bribery and corporate fraud training is built to align with latest SFO expectations.
