CPS SFO issues an updated joint Corporate Prosecutions Guidance

The updated joint Corporate Prosecutions Guidance from the Crown Prosecution Service (CPS) and the Serious Fraud Office (SFO), released on 18 August 2025, marks a significant shift in how corporate criminal liability will be approached in the UK.

Overview

1. The Crown Prosecution Service (CPS) and the Serious Fraud Office (SFO) released an updated version of their joint Corporate Prosecutions Guidance on 18 August 2025.
2. This document outlines a unified approach to prosecuting corporate offending in England and Wales, emphasising the importance of holding companies accountable to deter crime, protect the public, and promote ethical business practices.
3. It is subordinate to the Code for Crown Prosecutors. It focuses on corporate entities (including incorporated bodies like companies and limited liability partnerships, as well as unincorporated organisations such as partnerships).
4. The guidance EXCLUDES corporate manslaughter and prosecutions by other specialist agencies under separate frameworks, such as health and safety offences.
5. The update incorporates recent legislative changes, particularly from the Economic Crime and Corporate Transparency Act 2023 (ECCTA). It is timed to coincide with the impending activation of the new "failure to prevent fraud" offence on 1 September 2025.

Key Sections and Content

1. The guidance is structured around general principles, routes to liability, evidential considerations, case handling, jurisdiction, public interest factors, sentencing, asset recovery, and deferred prosecution agreements (DPAs).
2. It promotes prosecuting corporations alongside culpable individuals where appropriate, but allows for separate proceedings if needed (e.g., due to differing timelines).

Routes to Corporate Criminal Liability

Corporate liability can arise through statutory or common law mechanisms, with statutory routes preferred for their clarity:

1. Statutory Attribution (Section 196 ECCTA 2023):
• For economic crimes listed in Schedule 12 (e.g., bribery, money laundering, fraud, sanctions breaches), liability attaches if a "senior manager" (someone playing a significant role in decision-making) commits the offence within their authority.
• This applies to offences on or after 26 December 2023 and broadens attribution beyond traditional limits.
2. Failure to Prevent Offences:
• Strict liability for failing to prevent associated persons (e.g., employees, agents) from committing specified crimes, with a defence if reasonable prevention procedures were in place.
• This includes existing offences under the Bribery Act 2010 and Criminal Finances Act 2017, plus the new failure to prevent fraud offence (Section 199 ECCTA 2023) for "large organisations" (meeting at least two of: >£36m turnover, >£18m balance sheet, >250 employees).
• It covers frauds in Schedule 13 (e.g., false accounting, fraudulent trading) intended to benefit the organisation.
3. Common Law Principles:
• The "identification doctrine" (attributing acts of the "directing mind and will") remains for NON-STATUTORY OFFENCES,
• while vicarious liability applies to STRICT LIABILITY CRIMES.
• The two doctrines differ in scope, application, and the types of offences they target: In essence,
• The identification doctrine is fault-based and elite-focused for intentional crimes,
• While vicarious liability is no-fault and employee-inclusive for regulatory breaches.
• The former remains the default for non-statutory offences unless overridden by statute, whereas the latter is standard for strict liability crimes.

1. Limitations: Companies must be correctly named, face only fines (not imprisonment), and dissolved entities may need restoration for prosecution.

Evidential Considerations

1. Prosecutors must evaluate whether a "reasonable procedures" defence applies early in failure to prevent cases, using government guidance on six principles (e.g., risk assessment, due diligence).
2. For ECCTA offences, evidence focuses on senior managers' roles or associated persons' actions benefiting the company.
3. Individual liability can arise from consent, connivance, or neglect by officers.

Case Handling and Jurisdiction

1. Strategies include charging overlapping offences (e.g., bribery and fraud), direct Crown Court referrals for complex cases, early financial disclosure (last three years' accounts), and asset restraint.
2. Multi-agency coordination is emphasised, with referrals to regulators (e.g., Financial Conduct Authority) as alternatives to prosecution, and international collaboration via Eurojust.

Public Interest Factors

1. Beyond the Code for Crown Prosecutors, factors favouring prosecution include history of similar conduct, ineffective compliance, failure to self-report, and significant harm (e.g., to victims or markets).
2. Factors against include proactive self-reporting and remediation, effective compliance programs, isolated incidents, non-recent offending with reformed structures, or disproportionate impacts (e.g., debarment from contracts).

Sentencing, Asset Recovery, and DPAs

1. Sentencing considers ancillary orders like director disqualifications or serious crime prevention orders. Asset recovery involves early restraint to prevent dissipation, potentially via civil routes. DPAs (under the Crime and Courts Act 2013) allow suspended proceedings if the company complies with terms (e.g., fines, compensation), guided by a separate DPA Code. DPAs do not bar individual prosecutions and require full cooperation.
2. An annexe lists offences where individual liability arises from corporate offending via consent/connivance/neglect (e.g., under the Companies Act 2006).

Significant Shift in Approaching Corporate Criminal Liability

The update marks a pivotal evolution in UK corporate accountability, driven by ECCTA reforms, shifting from the restrictive "identification doctrine" (limited to the "directing mind and will") to broader attribution mechanisms. Key changes include:

1. Wider Attribution for Economic Crimes: Section 196 ECCTA attributes liability for Schedule 12 offences to actions of "senior managers," not just top directors, making it easier to prosecute corporations for substantive crimes without a "reasonable procedures" defence. This applies extraterritorially with limits and aligns the UK closer to models like U.S. respondent superior but is scoped to economic crimes.
2. New Strict Liability for Fraud Prevention: The failure to prevent fraud offence (Section 199 ECCTA) imposes liability on large organisations for associates' frauds benefiting them, unless reasonable procedures are proven. This expands "failure to prevent" models from bribery and tax evasion, targeting fraud like false accounting or cheating revenue, with government guidance aiding defence assessments.
3. Proactive Enforcement and Defences: Prosecutors now evaluate statutory defences upfront, encouraging early corporate demonstrations of compliance. This, combined with multi-agency referrals, financial scrutiny pre-charge, and DPA incentives for self-reporting, promotes a "carrot and stick" approach: rewarding ethical firms while aggressively pursuing non-compliant ones.

Overall, these shifts increase corporate exposure, especially for large entities, urging immediate compliance reviews ahead of 1 September 2025.

SFO Director Nick Ephgrave noted,

• "Now is the time to take action. Corporations must get their house in order."
• This enhances deterrence but balances it with opportunities for remediation, fostering ethical practices amid rising enforcement trends.

Official Guidance Link

The updated joint Corporate Prosecutions Guidance from the Crown Prosecution Service (CPS) and the Serious Fraud Office (SFO), released on 18 August 2025, is available on the UK Government website:

• Direct Link: https://www.gov.uk/government/publications/joint-sfo-cps-corporate-prosecution-guidance/joint-sfo-cps-corporate-prosecution-guidance

It is also referenced in an official CPS news release announcing the guidance and the upcoming "failure to prevent fraud" offence:

• CPS News Release Link: https://www.cps.gov.uk/cps/news/organisations-must-prepare-now-new-fraud-prevention-law

Here's a breakdown of the key changes and implications:

🔑 Key Legal Changes

1. Failure to Prevent Fraud Offence (Effective 1 September 2025)
   1. Introduced under Section 199 of the Economic Crime and Corporate Transparency Act 2023 (ECCTA).
   2. Applies to large organisations (meeting two of: >250 employees, >£36M turnover, >£18M balance sheet).
   3. Organisations are strictly liable if an associated person (employee, agent, subsidiary, etc.) commits a specified fraud offence for the organisation’s benefit.
   4. Defence: Having “reasonable fraud prevention procedures” in place.
2. Expanded Identification Doctrine (In Force Since December 2023)
   1. Liability now extends to actions of any senior manager, not just board-level executives.
   2. A senior manager is defined broadly as someone with significant decision-making authority.
   3. This change makes it easier to prosecute large corporations where responsibility is distributed.

⚖️ Prosecutorial Strategy Enhancements

1. Prosecutors can stack charges (e.g., failure to prevent fraud + underlying offence like false accounting).
2. Companies must provide three years of financial accounts before sentencing; failure to do so allows courts to assume the ability to pay significant fines.
3. Cases may be fast-tracked to the Crown Court and involve multi-agency collaboration (SFO, CPS, HMRC, FCA, Companies House).

🧭 Guidance Principles

1. Corporate prosecutions aim to deter wrongdoing, protect the public, and promote ethical business practices.
2. Prosecuting a company is not a substitute for prosecuting culpable individuals.
3. The guidance outlines routes to liability via:
1. Statutory attribution (e.g., ECCTA Section 196)
2. Failure to prevent offences (Bribery Act 2010, Criminal Finances Act 2017, ECCTA 2023)
3. Common law doctrines (identification and vicarious liability).

🛡️ What Businesses Should Do Now

1. Conduct fraud risk assessments.
2. Train senior managers and staff on fraud prevention.
3. Document and operationalise prevention procedures.
4. Map liability under both statutory and common law regimes.
5. Prepare a self-reporting strategy to regulators (SFO, FCA, police).
6. Update governance structures and escalation processes.
7. Ensure financial transparency and readiness to provide economic data.

References

1. Organisations must prepare now for the new fraud prevention law https://www.cps.gov.uk/cps/news/organisations-must-prepare-now-new-fraud-prevention-law
2.  UK corporate prosecutions: What the new guidance means for businesses https://vinciworks.com/blog/uk-corporate-prosecutions-what-the-new-guidance-means-for-businesses/
3.  Joint SFO-CPS Corporate Prosecution Guidance - GOV.UK https://www.gov.uk/government/publications/joint-sfo-cps-corporate-prosecution-guidance

Other Relevant Sources

Here are additional sources providing analysis, summaries, and commentary on the updated guidance:

1. JD Supra Article: "CPS and SFO publish joint corporate prosecutions guidance" – Discusses the implications of the Economic Crime and Corporate Transparency Act 2023 (ECCTA) and the failure to prevent fraud offence.
• Link: https://www.jdsupra.com/legalnews/cps-and-sfo-publish-joint-corporate-5579964/
2. Comsure Group News: "Joint SFO-CPS Corporate Prosecution Guidance on 'FAILURE TO PREVENT FRAUD' Offence" – Emphasises the urgency for organisations to report suspected fraud and prepare compliance measures.
• Link: https://www.comsuregroup.com/news/joint-sfo-cps-corporate-prosecution-guidance-on-failure-to-prevent-fraud-offence/
3. Westlaw Today Article: "CPS and SFO publish joint corporate prosecutions guidance" – Overviews the overhaul of the guidance and its focus on corporate accountability.
• Link: https://today.westlaw.com/Document/I235de4807ebd11f0ae17c66f98dd2280/View/FullText.html?contextData=%28sc.Default%29&transitionType=Default
4. SPA (Specialist Publishers Association) Article: "Prosecution guidance on ECCTA corporate criminal liability" – Summarises the joint guidance with a focus on its practical implications for businesses.
• Link: https://spa.org.uk/prosecution-guidance-on-eccta-corporate-criminal-liability/
5. Financial Institutions News Article: "SFO and CPS update prosecutor guidance in time for FTP fraud" – Highlights the timing of the update ahead of the new fraud prevention law.
• Link: https://www.financialinstitutionsnews.com/2025/08/19/sfo-and-cps-update-prosecutor-guidance-in-time-for-ftp-fraud/

These sources offer a mix of official announcements and expert analyses to provide a broader context on the guidance's updates and significance.