Search for:

The science of compliance: SFO releases guidance on how it will assess corporate compliance programmes

The SFO’s Operational Handbook1 has been updated with new guidance on how it will evaluate corporate compliance programmes (

While the guidance is far less prescriptive than many corporates would wish and, in many respects, repeats well-trodden ground for the SFO and adds little that is truly new, some aspects of it are of interest.

The guidance makes it clear that, in evaluating a compliance programme, prosecutors will assess the state of a compliance programme at different periods in time for different purposes:

  • the state of the compliance programme at the time of offending;
  • the current state of the compliance programme; and
  • how the compliance programme could change going forwards.

The guidance also confirms that “[a]n organisation with a poor programme at the time of wrongdoing may, nonetheless, have strengthened its programme by the time of the charging decision. This would be relevant to a charging decision under the Guidance on Corporate Prosecutions…

As such, whilst the only procedures that are relevant to the assessment of adequacy for the purpose of corporate liability under section 7 are those in place at the time of the alleged offence, the guidance helpfully outlines that the ultimate outcome of an SFO investigation will require more than this evidential snapshot. The likelihood that the SFO will charge the corporate entity or offer a DPA (and the severity of any potential sentence) will be impacted by the degree of correction of the control environment and other aspects of the compliance programme after the event and the extent to which there is still work to be done going forwards. Accordingly, corporates must ensure that, in the event a compliance incident triggers a criminal investigation, steps are taken to properly assess the root cause
of the issue, take related remedial measures, and enhance the compliance programme, as doing so may help reduce the risk of prosecution, increase the prospect of a DPA and/or reduce any sentence imposed by the court.

The guidance makes it clear that SFO investigation teams should begin to explore (and obtain evidence in respect of) a company’s compliance programme very early in any investigation. This confirms that, when under an SFO investigation (whether following a self-report or otherwise) companies should expect to be asked to provide detailed information about compliance programmes early on in an investigation.

The guidance also places heavy reliance on the “Six Principles” set out in the statutory guidance under the Bribery Act 2010 (,
referring to them as “a good general framework for assessing compliance programmes”:

  • Principle 1 – proportionate procedures
  • Principle 2 – top level commitment
  • Principle 3 – risk assessment
  • Principle 4 – due diligence
  • Principle 5 – communication (including training)
  • Principle 6 – monitoring and review

The focus on the six principles is unsurprising and serves to emphasise their importance (as statutory guidance) and the need for organisations to focus on the six principles when designing and improving their compliance programmes.

The guidance emphasises not only the importance of having a robust compliance programme in place, but also being able to evidence it. It is in this respect that the guidance is most lacking in that it does not provide any real further insight into the questions that companies should be expected to be asked by the SFO regarding the operation of their compliance programme or the methodology that the SFO
will use to test it. Tracking and evidencing the effectiveness of a compliance programme can be a challenge for most organisations, but there are tools available to assist, including Baker McKenzie’s Compliance Cockpit. The Compliance Cockpit is a holistic risk assessment and risk monitoring tool that can be used to track improvements to, and the effectiveness of, a compliance programme on a global scale. (

1 The SFO Operational Handbook is an internal-facing document which is for use by SFO investigation teams. It is of relevance to corporates because it provides an insight on the approach that the SFO will take to certain issues.


Joanna Ludlam is a partner in the Dispute Resolution team in Baker McKenzie's London office, where she leads the market-leading Regulatory, Public & Media law team and also co-leads the office's Compliance & Investigations Practice Group. At an international level, she co-chairs the Firm's Global Compliance & Investigations Steering Committee. In 2016, Joanna was named as one of The Lawyer’s “Hot 100” for her practice, and is recognised by Legal 500 and Chambers & Partners.



Charles Thomson is a partner and solicitor advocate in Baker McKenzie’s Dispute Resolution Practice Group in London. He co-manages the Business Crime Unit, and is part of the Financial Institutions Disputes, Contentious Trusts and Compliance and Investigations Groups. Charles joined the Firm as a trainee in 2002, and concurrently spent three months on secondment as a judicial assistant at the Royal Courts of Justice in the Civil Appeals Division. A solicitor advocate since 2007, Charles appears as an advocate in all Higher Courts in England and Wales. Chambers and Legal 500 both commend Charles for his legal practice. Charles is also listed as a Rising Star in Litigation by Legal Week.


Henry Garfield is a senior associate in Baker McKenzie's Dispute Resolution department based in London. Henry's practice focuses on fraud, asset tracing, internal investigations and business crime. He also undertakes general commercial litigation. Henry has just completed an 11 month secondment to the Serious Fraud Office, during which he was the Case Lawyer on an investigation into a £60 million fraud. The investigation involved unravelling trust and company structures in several offshore jurisdictions and has recently resulted in two individuals being charged with fraud and forgery offences.


Yindi Gesinde is a senior associate and solicitor advocate in Baker McKenzie's Compliance and Investigations and Dispute Resolution Departments in London. Yindi's practice includes complex and high-value international and domestic commercial litigation for multinational clients, with particular expertise in anti-bribery and corruption investigations, compliance and trust litigation.