Effective Compliance Is Not A Tick-box Exercise – The UK Serious Fraud Office Updates Its Guidance On Corporate Compliance Programmes

Updated guidance on corporate compliance programmes underscores the importance of an effective programme and the need for it to be more than a "paper exercise".

Companies' compliance programmes have taken on increasing significance over recent years, with the introduction of a range of "failure to prevent" offences that can be committed irrespective of the company's involvement in, or knowledge of, the underlying criminality. Such offences are, however, subject to a defence of "adequate" or "reasonable" procedures, as most recently exemplified by failure to prevent fraud.

Ensuring that a company's policies and procedures for preventing and identifying financial crime are fit for purpose is therefore essential to mitigate the risk of corporate criminal liability. As one of the key law enforcement agencies charged with investigating and prosecuting corporate misconduct, the Serious Fraud Office ("SFO") will scrutinise a company's compliance programme as part of its determination of whether a criminal prosecution is in the public interest, as well as in the context of other aspects of potential criminal proceedings, including consideration of a deferred prosecution agreement ("DPA") and at the time of sentencing for any criminal conviction. In this context, the SFO has issued updated guidance on its approach to evaluating a compliance programme (the "Guidance") with a view to providing greater clarity on how an organisation's programme will be assessed.

The Guidance represents a "refreshed" version of previous guidance on the same topic (available in the National Archives here). Whilst some of the content is therefore repeated (or only slightly amended), the Guidance is clearly intended as a reminder to companies of the importance of these programmes.

In addition to summarising the relevance of a company's compliance programme to the decision to enter into a DPA and, if so, whether the appointment of a monitor is an appropriate term of such a DPA, the Guidance provides an overview of the key principles under which a compliance programme will be assessed from the perspective of the "adequate procedures" defence to the offence of failure to prevent bribery (Bribery Act 2010) and, in a new addition, the "reasonable procedures" defence to the offence of failure to prevent fraud (Economic Crime and Corporate Transparency Act 2023).

The Guidance includes FAQs which provide some further insight into the SFO's approach. We note the following key points:

• As was the case in its previous iteration, although the Guidance recognises that compliance arrangements will vary in scope depending on the size of the organisation and the nature of the business, organisations of any size will be expected to have at least some compliance arrangements.
• A key feature of any compliance programme is that it needs to be effective and not simply a "paper exercise"; it is critical that the programme is proportionate, risk-based and regularly reviewed.
• The Guidance contains a new statement to the effect that the SFO's assessment of a compliance programme will be holistic and based on the organisation's individual circumstances. The SFO will "seek to get behind the pronouncements and determine how policies and procedures translate into conduct on the ground" and will "dig behind generalities and challenge high level assertions".

In the accompanying press release, Matthew Wagstaff, the SFO's Director of Legal Services states: "This updated guidance provides organisations with clear expectations and demonstrates our transparent approach to working with organisations that demonstrate best practice. Effective compliance is not a tick-box exercise – it's about creating genuine cultures that prevent fraud, bribery and corruption." Although this is not a new message to companies (particularly against the backdrop of continued expansion of corporate criminal liability), it reinforces the messaging in the SFO's most recent business plan that "both scrutiny and expectations of companies will increase". Companies should therefore ensure that they carefully consider relevant policies/procedures against available guidance on an ongoing basis; in the event that fraud or corruption issues arise internally, the state of the company's compliance programme will be of critical importance.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.