In recent months, the U.S. Department of Justice (DOJ) has hit "pause" on enforcement of the Foreign Corrupt Practices Act (FCPA) and reoriented its other enforcement priorities away from investigating and prosecuting corporate bribery of U.S. companies.
But these changes should not be mistaken for a global retreat from anti-corruption efforts or a shift in international or even U.S. regulators' views on the need for robust internal controls and compliance programs. To the contrary, in May the DOJ issued new policies incentivizing companies to report, among other criminal violations, foreign corruption. In addition, three major developments in Europe underscore the continuing international regulatory interest in combating bribery and corruption and reinforce the need for strong internal controls and compliance programs: (1) the creation of an International Anti-Corruption Prosecutorial Taskforce (IATP), (2) the U.K's enactment of a new criminal offense, the Failure To Prevent Fraud (FTPF), and (3) the U.K.'s promulgation of new guidance regarding deferred prosecution agreements (DPAs).
The International Anti-Corruption Taskforce
On March 20, 2025, France's Parquet National Financier (PNF), the Office of the Attorney General of Switzerland (OAG), and the U.K.'s Serious Fraud Office (SFO) jointly announced the formation of the IATP to strengthen collaboration in combatting international bribery and corruption. The IAPT will be comprised of a "Leaders' Group" and a "Working Group" that will (1) increase cooperation in the investigation and prosecution of their respective cases, including through potential parallel actions and regular information exchange; and (2) enable broader international anti-corruption strategy by combining expertise and collaborating on operations.
SFO Director Nick Ephgrave emphasized that the IAPT was not formed in direct response to the Trump Administration's February 10, 2025 Executive Order and the DOJ's February 6, 2025 memorandum suspending and refocusing FCPA enforcement. Yet the announcement comes at a time when it is unclear which countries will take the lead in fighting corruption. Historically, U.S. regulators, particularly the DOJ, have guided global anti-corruption enforcement by forging partnerships with foreign regulators and law enforcement to gather evidence, access witnesses, and bring parallel enforcement actions. Now that the DOJ has taken a step back, France, Switzerland, and the U.K. are combining resources to be better equipped to attack international bribery and corruption more efficiently and expansively. The three countries have also "invite[d] other like-minded agencies involved in tackling international bribery and corruption to join the Taskforce."
The creation of the IAPT signals to companies subject to the U.K. Bribery Act of 2010, Article 322 of the Swiss Criminal Code, and France's Sapin II law, that the DOJ's reoriented enforcement priorities have had little effect on overall regulatory expectations. Indeed, as France, Switzerland, and the U.K. expand their joint efforts to combat corruption, we may see even more enforcement in this area. Accordingly, companies should continue to take anti-corruption seriously and maintain robust internal controls.
The U.K.'s Failure to Prevent Fraud Offense
On September 1, 2025, a new corporate criminal offense—Failure To Prevent Fraud—will go into effect in the U.K. Enacted as part of the U.K.'s Economic Crime and Corporate Transparency Act of 2023, the FTPF offense will expand the ways in which multinational organizations can be held liable for fraudulent conduct.
The FTPF offense applies to "large organisations," defined as companies that meet two of the three following thresholds in the financial year preceding the alleged offence: (1) more than 250 employees; (2) more than £36 million (∼$47 million USD) in net sales; (3) more than £18 million (∼$24 million USD) in total assets. A "large organisation" may be held liable for FTPF if it "fail[s] to prevent" the commission of certain enumerated fraudulent acts committed by those associated with the corporation and intended to benefit the corporation or its clients.
At its core, the FTPF offense employs several concepts similar to those of the FCPA. The FTPF offense requires: (1) an organization can be held liable for the conduct of associated persons, (2) a U.K. nexus is required, and (3) adequate internal controls are an available and singular defense.
- Violating Conduct: An organization can be held responsible for the actions of its employees, agents, subsidiaries, or other associated persons who provide services to or on behalf of the organization. The offense applies where an associated person commits—and the organization fails to prevent—one of several specific fraud offenses, including failure to disclose information the corporation is legally required to disclose, false statements by directors, false accounting, and fraudulent trading.
- Jurisdiction: The FTPF offense requires a U.K. nexus, meaning that at least one of the acts that was part of the alleged fraud took place in the U.K., the intended gain or loss is due to take place in the U.K., or a U.K.-based employee committed the offense.
- Defenses: An organization's only available defense to FTPF is that it has enacted reasonable procedures to prevent fraud or that it was not reasonable under the circumstances to expect the organization to have procedures that would have prevented the fraud at issue. In general, this defense requires a company's fraud prevention framework to include: (1) top level commitment to the prevention and detection of fraud, (2) risk assessment, (3) proportionate risk-based prevention procedures, (4) due diligence, (5) communication (including training), and (6) monitoring and review. To address potential subsidiary liability, U.K. Home Office Guidance suggests group-level policies and training and a group contact point for compliance. Corporations should evaluate and update their policies and procedures under each of these framework principles to minimize FTPF risk.
The U.K.'s Guidance Regarding Corporate Eligibility for Deferred Prosecution Agreements
The U.K. is also taking another familiar step in anti-corruption enforcement: incentivizing voluntary disclosure and cooperation through leniency. On April 24, 2025, the SFO issued new guidance regarding corporations' eligibility for DPAs to incentive corporations to voluntarily disclose wrongdoing and cooperate with the regulator. While each case will be fact-dependent, prompt self-reporting and full cooperation weigh heavily in favor of a DPA absent "exceptional circumstances."
The guidance explains that corporations can report suspected wrongdoing through the SFO Intelligence Division's new secure reporting portal, which is linked directly within the guidance. The guidance also provides detail on what constitutes "genuine cooperation": preservation of digital and hard copy material, sharing factual presentations, and early engagement with the SFO in any internal investigation.
In contrast, (1) "'forum shopping' by unreasonably reporting offending to another jurisdiction for strategic reasons,'" (2) "[s]eeking to exploit differences between international law enforcement agencies or legal systems," and (3) "[s]eeking to overload [the SFO's] investigation by providing unnecessarily large amounts of material that may hinder the effectiveness of the investigation," will be considered "uncooperative."
The guidance also outlines the process following a voluntary disclosure: (1) the SFO will contact the reporting entity within 48 business hours of a self-report or other initial contact; (2) the SFO will issue a decision on whether to open an investigation within six months of a self-report; and (3) the SFO will issue an invitation for DPA negotiations if applicable and conclude those negotiations within six months of sending the invitation.
***********
The U.S. government's signal to companies that foreign bribery, for the time being, may receive less attention and more lenient treatment has emboldened international regulators to take charge. Companies should take heed that domestic and international regulators have not changed their expectations that companies will implement and enforce adequate internal controls and compliance programs, identify and prevent fraudulent conduct, and self-report potential violations.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.
