The Serious Fraud Office's refreshed Guidance on Evaluating a Corporate Compliance Programme ("the Guidance") provides some clues as to how and when prosecutors will assess corporate compliance arrangements, but some questions remain.

Key messages from the Guidance

The central message in the Guidance is that the SFO will examine "holistically" how compliance arrangements have functioned in practice rather than simply how they are described by corporates. Statements in previous versions of the Guidance that compliance programmes are not simply a "paper exercise" are repeated.

Detailed analysis on the Guidance is set out in our Clifford Chance briefing, but the key changes and some remaining questions are summarised below.

What is new?

Much of the Guidance reproduces and signposts relevant legislation and guidance, but there are some new sections and areas of emphasis. In particular, the changes to the Guidance reflect the introduction of the new corporate offence of failure to prevent fraud, the SFO's current approach to decisions about when it will prosecute and enter into deferred prosecution agreements ("DPAs") and the penalties for which it will advocate. Some limited indications are also given as to how the Guidance will fit with that of other prosecution authorities internationally.

• When the SFO will evaluate corporate compliance programmes – it identifies that it will do so when deciding:

1. Whether to prosecute for corporate offences;
2. Whether to enter into a DPA;
3. Which compliance terms to include in a DPA, and whether to include a monitorship requirement;
4. Whether a corporate has maintained "adequate procedures" for the purposes of the corporate offence of failure to prevent bribery;
5. Whether a corporate has maintained "reasonable procedures" for the purposes of the corporate offence of failure to prevent fraud; and
6. Formulating its approach to sentencing.

• How the SFO will examine claims about compliance programmes – in particular it reiterates that the SFO will use all its investigatory powers to "dig behind generalities and challenge high level assertions".

• That the SFO has substantial discretion when evaluating compliance programmes – it confirms that the fact that there may have been failures in corporates' compliance systems will not necessarily mean that those systems, or enhancements made to them to address suspected misconduct, will be regarded as ineffective, but "There is no set of preordained answers that entitle an organisation to (or disqualify it from) a specific result, decision or recommendation that its compliance programme is effective.".
• That the SFO will often not be the only authority evaluating compliance programmes – it acknowledges in particular that authorities in France and the US have corresponding guidance on what will amount to an effective compliance programme, which may provide it with a guide when making its own assessments.

Which questions remain?

The Guidance is indicative rather than prescriptive, and ambiguities remain in relation to some themes emerging from recent legislative developments, the broader enforcement landscape and other statements made by senior figures within the SFO.

These questions include:

• whether the Guidance will be adopted by other UK prosecutors when making decisions about how to conclude cases involving suspected corporate misconduct;
• the extent to which the Guidance will be used to assist prosecutors with deciding whether to prosecute corporates for breaches by their "senior managers" following changes to the law on corporate criminal liability making it easier for their conduct to be attributed to corporates; and
• how, if at all, the SFO will use the Guidance as a basis for dialogue with corporates about the adequacy of their corporate compliance programmes where investigations are not active or contemplated – i.e. to prevent rather than to respond to suspected misconduct.