Überblick
The enforcement environments in the US and UK are evolving at rapid pace. In the US, the Criminal Division of the Department of Justice (DOJ) issued a new White-Collar Enforcement Plan and several revised policy documents on 12 May 20251. This was followed on 9 June 2025 by new guidelines for investigating and enforcing the US Foreign Corrupt Practices Act (FCPA)2. In the UK, the Serious Fraud Office (SFO) has forged new international alliances, issued significant guidance on corporate self-reporting and co-operation, and has expansive new legislation in its arsenal.
In this alert, we highlight three key cross-Atlantic takeaways from these recent updates:
- further incentives to voluntary self-disclosure;
- a strong focus on fraud as an enforcement priority; and
- a commitment to continued anti-bribery enforcement, with a narrower focus on certain industries and types of conduct.
Self-Disclosure
The DOJ’s revised Corporate Enforcement and Voluntary Self-Disclosure Policy (CEP) offers companies greater incentives to voluntarily self-disclose misconduct, and additional certainty about the form of resolution they will face. The SFO issued new guidance in April 2025 which sought to achieve the same goals3. However, as summarised in the table below, the benefits offered by the DOJ remain more extensive and certain:
Category | DOJ CEP (May 2025) | SEO Guidance (April 2025) | |
---|---|---|---|
1. | Voluntary self-disclosure4 and Full co-operation (including remediation) and No “aggravating circumstances”5 (CEP) or “exceptional circumstances”6 (SFO Guidance) |
Declination | SFO will invite company to negotiate a Deferred Prosecution Agreement (DPA) – ultimately, a DPA also remains subject to Court approval. |
2. | “Near Miss” self-report: Full co-operation (including remediation) but ineligible for a declination because:(i) self-report was made in good faith but did not qualify as a voluntary self-disclosure7 or (ii) aggravating circumstances that warrant a criminal resolution are present8 |
Non-prosecution agreement with a term fewer than three years.
No independent compliance monitor. Penalty reduction of 75% off the low end of the US Sentencing Guidelines fine range |
No direct analogy, but broadly:
(i) a self-report which is considered deficient9 may fall into category 3 below, (ii) the nature and extent of any aggravating circumstances10 will form part of the SFO’s assessment as to whether a prosecution (rather than a DPA) is in the public interest |
3. | No self-report and Full co-operation (including remediation)11 |
Prosecutors have discretion to determine the appropriate resolution including its form, term length, compliance obligations, and monetary penalty.12 | The SFO will “consider” inviting company to DPA negotiations if it provides “exemplary” co-operation13 |
Timing Expectations
Although the size of their self-reporting ‘carrots’ differ, the DOJ CEP and the SFO Guidance have similar expectations as to how quickly a report should be made:
- The CEP “encourages” reports to be made at the “earliest possible time”, even when a company has not yet completed its own investigation. This translates into a requirement that, to remain eligible for a declination, a report must be made “within a reasonably prompt time” of the company becoming aware of the suspected misconduct.
- The SFO Guidance states that a “prompt” self-report “always weighs heavily in favour of a DPA”. On the other hand, a failure to self-report suspected offending within “a reasonable time of it coming to light” will negatively impact the SFO’s assessment. As with the DOJ, the SFO does not expect a company to wait to complete any internal investigation. The length of time that a company may reasonably take to investigate will depend on the evidence that emerges. Where there is clear evidence of corporate offending, the SFO Guidance expects a self-report “soon after learning of that evidence” but where the position is “less clear-cut” it accepts that further investigation may be necessary.
In the UK, it has been suggested that some scope for uncertainty was introduced by SFO Director Nick Ephgrave’s comments that as soon as a company has “reasonable suspicion you’ve got some offending going on – that’s the point at which you stop, that’s the point at which you talk to us.” However, this comment was made extemporaneously at a conference and it is possible that the Director was merely seeking to paraphrase the SFO Guidance. In any event, there is no “reasonable suspicion” threshold in the SFO Guidance. Indeed, in some scenarios, any such lower threshold could be in tension with the requirement that a self-report should provide information enabling the SFO to “understand the nature and extent of the suspected offending”. This would include identifying all known facts and evidence as at the time of reporting, the individuals involved, and the relevant jurisdictions. Providing the SFO with useful information in this respect may only be possible after a degree of internal investigation.
Ultimately, these issues all require very prompt consideration as soon as relevant information comes to light.
Practical Implications of Differing Incentives – UK Jurisdictional Triggers
Under the SFO Guidance, a company which reports suspected offending to any other agency, whether domestic or foreign (e.g., the DOJ), must also report the matter to the SFO “simultaneously or immediately thereafter” or it will not gain credit from the SFO for self-reporting.
This aspect has received relatively little attention to-date but its implications are illustrated by the CEP.
In a scenario where a company is considering making a prompt self-disclosure with the aim of obtaining a declination from the DOJ, it should first take steps to understand whether there is any potential UK jurisdiction. Depending on the facts, that may require a complex analysis while the self-disclosure clock is ticking. For example, under the ‘failure to prevent bribery’ (FTP Bribery) and ‘failure to prevent fraud’ (FTP Fraud) offences, UK and non-UK companies are capable of being liable for a wide range of conduct by their employees, agents and other ‘associated persons’ anywhere in the world, provided there is a relevant link to the UK. In short:
- The FTP Bribery offence can have entirely extra-territorial effect, but for it to apply to any non-UK company, it must ‘carry on a business’ (or part of a business) in the UK. This is a fact-sensitive test but UK government guidance indicates that companies with a “demonstrable business presence” in the UK are caught.
- The FTP Fraud offence requires the underlying fraud to have some UK nexus – meaning that: (i) part of the conduct took place in the UK; or (ii) gain or loss resulting from the fraud occurred in the UK. “Fraud” has a very wide meaning for the purposes of the FTP Fraud offence. It can encompass a broad range of dishonest conduct including, for example: making false or misleading representations (e.g., to customers or government authorities); failing to disclose information when under a legal duty to do so (e.g., to auditors or investors); improper revenue recognition practices; and falsifying accounting records.
Where there is a UK jurisdictional nexus, the company would need to weigh up the risks and benefits of a near-simultaneous report to the SFO. Important factors to note in that respect include the fact that any DOJ declination would be made public (so the SFO would likely learn of the matter anyway) and would generally not provide ‘double jeopardy’ protection against prosecution by the SFO or any other agency.
A company’s overall decision making in relation to self-reporting across multiple jurisdictions will be fact sensitive and strategically nuanced. However, in many cases, a ‘lowest common denominator’ approach tends to apply, with the decision to self-report being driven by the jurisdiction offering the greatest benefits.
The new prize of a guaranteed declination from the DOJ may therefore have the unintended consequence of driving additional reports to the SFO.
Focus on Fraud
Recent messaging from both the SFO and DOJ highlights fraud as a key enforcement priority for both agencies.
New SFO Powers
For the SFO, this reflects an eagerness to hold companies accountable using its new powers under the FTP Fraud offence. The offence applies to UK and non-UK companies and comes into force on 1 September 2025. Time is therefore running out to design and implement ‘reasonable fraud prevention procedures’ (the only defence to the FTP Fraud offence) in accordance with recommendations in UK Government guidance. The SFO has consistently stated that it intends to quickly hunt for targets using the new offence. For example:
- when the UK Government guidance on ‘reasonable fraud prevention procedures’ was published, the SFO Director warned that “time is running short for corporations to get their house in order or face criminal investigation”;
- the SFO Director has stated that “I want to be the first to prosecute someone under the new provisions…These are great new tools, let’s be bold about using those”; and
- one of the SFO’s most senior lawyers said that the SFO was “looking forward to using [FTP Fraud] to penalise large organisations who should be doing better”.
DOJ Priorities
For the DOJ’s part, the White-Collar Enforcement Plan focuses strongly on the harm that fraud causes to US interests. Accordingly, the ten “high-impact areas” which the DOJ will “prioritize investigating and prosecuting” include fraud in the following guises:
- waste, fraud, and abuse, including healthcare fraud and federal program and procurement fraud;
- trade and customs fraud, including tariff evasion;
- fraud perpetrated through variable interest entities (VIEs), including, but not limited to, offering fraud, “ramp and dumps,” elder fraud, securities fraud, and other market manipulation schemes;
- fraud that victimises US investors, individuals, and markets, including, but not limited to, Ponzi schemes, investment fraud, elder fraud, servicemember fraud, and fraud that threatens the health and safety of consumers; and
- crimes involving digital assets that victimise investors and consumers.
Not only is the DOJ taking an aggressive stance toward certain types of fraud, but the US Supreme Court recently upheld an expansive view of the US wire fraud statute. The Court held in Kousisis v. United States that a defendant may be convicted of wire fraud for inducing a victim to enter a contract under materially false pretences, even if there was no economic loss to the victim. This ruling may allow US prosecutors to pursue a broader range of fraud cases.
Practical Impacts
Illustrating the self-reporting dynamic discussed above, all the frauds highlighted in the DOJ’s White-Collar Enforcement Plan are also capable (in principle) of falling within the FTP Fraud offence, provided there is a UK nexus. That might be the case, for example, in the case of a US-orchestrated investment fraud that also had UK victims, or if the customs agents engaged by a US company made fraudulent customs declarations to the UK authorities. If a US company uncovered evidence of fraudulent conduct by its employees or agents and determined to make a voluntary disclosure to the DOJ, the existence of any UK jurisdictional triggers may also prompt a report to the SFO.
US companies assessing their fraud enforcement risks in light of the DOJ announcements or Kousisis decision may therefore also wish to incorporate a risk assessment aimed at the FTP Fraud offence. Such a risk assessment is a necessary foundation of ‘reasonable fraud prevention procedures’ under ECCTA. Our previous alert contained practical guidance on the methodology for conducting these risk assessments and how to avoid certain common pitfalls (including in relation to legal privilege).
Commitment to continued anti-bribery enforcement
In the first half of this year, early actions by the new US administration had put anti-bribery enforcement in doubt. In February 2025, Attorney General Pamela Bondi issued a memo that suggested FCPA enforcement could be significantly narrowed by focusing primarily on bribery that facilitates cartel operations and transnational criminal organisations. Just a few days later, President Trump issued an Executive Order pausing FCPA enforcement for 180 days, prompting some to wonder whether anti-bribery would cease to be a priority in this administration.
While the DOJ was signalling a potential retreat from anti-bribery enforcement, other jurisdictions were ramping up. The SFO in particular has been acting with renewed vigour in this space. In March 2025, the SFO established an ‘International Anti-Corruption Prosecutorial Taskforce’ with the French Parquet National Financier (PNF) and Office of the Attorney General of Switzerland (OAG) (Taskforce). Through the Taskforce, the SFO, PNF and OAG commit to strengthening their existing co-operation and collaborating to deploy their wide-reaching anti-bribery legislation to prosecute overseas conduct. Hot on the heels of the Taskforce, the SFO announced that it will join the International Anti-Corruption Coordination Centre (IACCC). Hosted by the UK National Crime Agency, the IACCC aims to facilitate international co-operation on ‘grand corruption’ investigations, including with respect to intelligence and evidence gathering.
The SFO Director stated that the Taskforce reaffirmed the SFO’s “commitment to tackling the pernicious threat of international bribery and corruption, wherever it occurs” and that the SFO would “make use of every power and partnership available to confront this criminality.” True to his word, the SFO is increasing enforcement activity:
- In November 2024, the SFO announced that it was conducting a joint investigation with the PNF into suspected bribery and corruption at Thales Group, a French headquartered aerospace and defence electronics contractor. The company’s press release states that the investigation relates to the performance of a contract in Asia.
- In April 2025, the SFO announced two new corporate investigations. First, the SFO announced an investigation into United Insurance Brokers Limited (UIBL) at the same time that UIBL was charged with failing to prevent its associates from bribing state officials in Ecuador.
- Less than two weeks later, the SFO conducted multiple ‘dawn raids’ and announced an international bribery investigation in relation to Blu-3, a UK headquartered data centre infrastructure provider.
The DOJ has now reaffirmed its commitment to anti-bribery efforts. The White-Collar Enforcement Plan issued in May 2025 includes bribery and associated money laundering that impacts US interests as a priority focus area.
Further, the DOJ released its highly anticipated FCPA guidelines in June 2025, accompanied by remarks from the Head of the Criminal Division emphasising that the statute would be enforced “firmly but fairly.” The guidelines indicate that FCPA enforcement will resume, but with a narrower focus on certain industries (such as defence, energy, and infrastructure) and serious misconduct (e.g., sophisticated schemes and substantial bribe payments, rather than “routine business practices” or low-dollar business courtesies). Notably, while the guidelines reflect a desire to protect US business interests, they clarify that enforcement decisions will not be based on an individual’s or company’s nationality – in other words, enforcement will not be limited to non-US companies.
Together, the new DOJ guidelines and the formation of the Taskforce signal that anti-bribery efforts remain an important focus globally.
Conclusion
Rapidly evolving policy and enforcement environments mean it is more important than ever that companies with links to the US and UK take a joined-up approach to evaluating their risk exposure and implementing mitigation strategies. Decisions taken in relation to one jurisdiction can have profound consequences in the other.
If a situation arises where a discussion regarding potential self-disclosure is necessary, companies should make sure to engage the right people in that discussion – from Legal and Compliance to the board, across the US and UK (and any other potentially relevant jurisdictions) – and to do so quickly. The authorities on both sides of the Atlantic have made it clear that time is of the essence, so strategies for dealing with potential wrongdoing should be firmly in place before their implementation becomes necessary.