Case Explained: UK White-Collar/Financial Crime/Corporate Crime investigations, developments, and predictions. – Legal Perspective

The UK Government’s new anti-corruption strategy makes clear that it regards fraud and corruption as a drag on UK growth.  Major reforms include the new “failure to prevent fraud” offence for large organisations, expanded grounds for financial crime exclusion under the Procurement Act 2023, and a proposed extension of the senior manager attribution test to all criminal offences. These changes increase the risk of both corporate and individual liability.

Cross-regulator collaboration has intensified, with the SFO, FCA, PRA, OFSI, and NCA coordinating on complex cases. Internationally, the SFO is engaging in multi-agency anti-corruption initiatives and aligning with U.S. and European authorities to harmonise expectations for cross-border investigations.

Data privacy and non-disclosure agreement (NDA) reforms are reshaping internal investigation practices. Looking ahead, the integration of AI in investigations, enhanced whistleblower incentives, and a more active FCA AML supervisory role are expected to drive further changes.

External investigations and enforcement 

SFO

The UK Serious Fraud Office (SFO) has been given a boost through wider pre-investigation powers, a new failure to prevent fraud offence and looser attribution rules. It has also issued a number of new policies and guidances relevant to corporate enforcement. 

Its refreshed 2025 Corporate Cooperation and Enforcement guidance aims to encourage more voluntary self-disclosure by setting clearer expectations on timing, investigative discipline and cooperation, and by signalling a qualified promise of a Deferred Prosecution Agreement (DPA) for prompt self-reporting and full cooperation except in exceptional circumstances. Under updated joint prosecution guidance with the Crown Prosecution Service (CPS), prosecutors are now encouraged to:

• consider statutory defences for “failure to prevent” offences earlier – at the charging stage. For corporates, this creates an early opportunity to demonstrate that adequate or reasonable procedures were in place and that the evidentiary threshold for charges cannot be met for a charge to be brought.
• when there is a bribery/fraud nexus (for example there is fraud to conceal bribes being paid), prosecutors are explicitly encouraged to explore alternative offences. The availability of another offence, such as failure to prevent fraud, could significantly influence the indictment and overall case strategy. Although alternative offences in overlapping fact scenarios are not new, the updated guidance emphasises the choice of charging options now at prosecutors’ disposal.

The guidance also pushes prosecutors to assess early a corporate’s ability to satisfy financial penalties, potentially filtering out resource-intensive prosecutions unlikely to yield recoveries.

Refreshed guidance on Guidance on Evaluating a Corporate Compliance Programme tracks with the e volving “failure to prevent” landscape and clarifies how programme effectiveness will be assessed during charging decisions, DPAs, statutory defences and sentencing.

In parallel, public statements emphasise speed to evidence, a willingness to incentivise whistleblowers and increasing use of covert tools and dawn raids (more in the last three months than in the past three years)¹, with a legislative proposal to clarify powers to extract remotely accessible data from seized devices.² There are signs that the SFO’s efforts are resulting in faster decision making, with two publicly reported examples of companies being charged within two years of an investigation being opened.³ The UK Government’s anti-corruption strategy speaks of using AI, including piloting a prototype AI corruption investigation assistant means that it can much more quickly analyse massive quantities of data points, from investigations and SARS, to detect criminality.

The City of London Police’s DCU is expanding to handle national and regional corruption cases, with a specific focus on high-risk sectors. Recent cases highlight persistent risks in construction and public services, including bid-rigging and inflated contracts.   

The UK Government has made it a priority commitment to assess the feasibility of introducing financial incentive schemes for individuals reporting economic crime. The SFO is advocating for whistleblower incentives as part of a government-sponsored fraud review. HM Treasury has already announced the introduction of a revised whistleblower reward scheme in March 2025 to encourage reporters to come forward to HMRC about tax fraud. If financial incentives are introduced, internal reporting may increase in volume and severity. Programmes should be reassessed for anonymity protections, triage speed, cross‑border data transfer safeguards, escalation criteria, and documentation standards aligned to potential regulator expectations.

The SFO Director, Nick Ephgrave, announced that he will be stepping down in March 2026, mid-way through his five-year term.  The SFO could do without this disruption, and all eyes will be on who is next at the helm.

Cross regulator dynamics

While the SFO has primary responsibility for investigating and prosecuting serious and complex fraud, bribery and corruption, multi agency coordination continues. The joint CPS/SFO guidance emphasises early engagement by the CPS and SFO with other UK regulatory authorities, where the conduct of individuals engages distinct regulatory frameworks or where parallel enforcement may better secure the public interest.

FCA

The UK’s Financial Conduct Authority (FCA) may prosecute firms and individuals in various circumstances, including in relation to substantive money laundering and money laundering controls failings. It also has disciplinary and supervisory powers e.g. to impose fines and public censures, ban individuals from the financial services industry, withdraw and vary firms’ permissions, and impose a wide range of conditions and requirements on firms and individuals.

Whilst the volume of concluded prosecutions and enforcement actions remains broadly stable, the FCA has significantly rationalised its investigations caseload including by closing 100 historic cases with no action. It has raised the bar to open an investigation, now focusing on cases most likely to drive “impactful deterrence”. It is also focusing on taking assertive supervisory action, though this is showing up more informally so far (in increased supervisory engagement and voluntary agreements with firms). The FCA continues to level-up its data-led efforts aimed at early detection and preventative intervention, particularly in relation to its market oversight objectives.

Financial crime is one of the main themes of the FCA’s five-year strategy and remains the dominant priority area for investigations. Fraud and scam prevention is rapidly growing as an area of supervisory focus, with increased enforcement activity anticipated in due course.  Anti-money laundering remains a key focus area especially in retail payments and banking, as does market abuse – including insider dealing – in the wholesale space and in listed corporates. We expect the FCA also opportunistically to enforce in the anti-bribery, corruption and sanctions spaces, driving its message that financial crime risks should be addressed holistically given the substantial overlap in relevant controls. The FCA is increasingly prosecutorial though largely in the areas of fraud, scams and insider dealing.

The FCA’s data-led early detection and prevention efforts, alongside its thematic work, all involve increased quasi-investigatory work by its supervisors. This work moves more quickly than its enforcement investigations. It is also more informal, yet firms should not be complacent.  Instead, carefully manage dialogue with and provision of information to the FCA from the outset and throughout such processes in order to mitigate the risk of rapid regulatory “escalation” to more formal measures including prosecutions.

CMA

A major 2025 development for the UK Competition and Markets Authority (CMA) was the coming into force of the Digital Markets, Competition and Consumers Act 2024 (DMCCA). It strengthens the CMA’s investigatory reach and penalty powers and creates a tougher consumer enforcement regime with the CMA now able to itself determine breaches of consumer law and impose potentially significant penalties on both companies and individuals. The CMA is expected to crack down on breaches, particularly in areas of key consumer spending, and has already opened several investigations into online pricing practices and issued advisory letters to 100 businesses across a range of sectors. Any white collar crime investigation with a potential consumer nexus (e.g., around pricing, subscription practices, dark patterns or online disclosures) could therefore also involve the CMA.

The DMCCA has also expanded the CMA’s powers to detect and investigate cartels. It can now obtain electronic information stored remotely (e.g., in the cloud) during dawn raids executed under a warrant and can interview individuals unconnected to the company under investigation. At the same time, the CMA is routinely conducting inspections of domestic premises and “virtual raids” and investing in data and AI detection tools. All this points to it stepping up its efforts to uncover cartel conduct. And, given the authority actively considers whether to start a criminal investigation and pursue director disqualification orders every time it opens a civil cartel proceeding, it will be interesting to see whether these new efforts lead to a step change in its historically weak record on criminal cartel enforcement (having not opened a criminal cartel investigation in nearly 10 years).

For businesses, these dynamics mean that investigations can rapidly become multi track, engaging parallel regulatory interests. Early horizon scanning for multiagency implications, planned engagement strategies, and a coherent disclosure plan will help avoid inconsistent narratives, inadvertent waiver of privilege or misalignment on remedial commitments.

Cross-border coordination

The SFO has joined multi-agency initiatives like the International Anti-Corruption Coordination Centre and formed a new Anti-Corruption Prosecutorial Task Force with French and Swiss authorities, enabling real-time visibility on transnational corruption and faster progression of joint cases. Engagement with the U.S. Department of Justice remains strong despite temporary shifts in U.S. enforcement dynamics, with shared commitment to voluntary self-disclosure frameworks, market integrity and expedited resolution of cross-border investigations. 

For global corporates, this means harmonised expectations on charging decisions, information exchange and parallel proceedings, and a need to calibrate internal investigations to withstand scrutiny across jurisdictions.

Significant UK law reform impacting corporate criminal liability

A new failure to prevent fraud corporate criminal offence came into force on September 1, 2025. It imposes strict liability on a large organisation that has failed to prevent one of a wide range of fraud offences being committed by an ‘associated person’ intending to benefit the business or a client. The only defence is having reasonable procedures in place to prevent fraud.

Many businesses were getting ready for the new offence coming into force by ensuring they have in place reasonable procedures to prevent fraud, in accordance with UK Government Guidance. For in-house teams, an understanding of underlying fraud offences and how English law tests dishonesty will be crucial during the risk assessment process, and during any internal investigations. The new offence sits alongside existing failure to prevent offences relating to bribery and facilitation of tax evasion. 

Widened mandatory and discretionary financial crime exclusion grounds and a new public debarment list are key changes made by the coming into force of the Procurement Act 2023 (PA23), in force since 24 February 2025.  The misconduct of a group company can fall within scope, even where it is not engaging in the underlying procurement process. Any company facing enforcement action for alleged financial crimes and a wide range of other wrongdoing, whether in the UK or abroad, should consider the impact of enforcement outcomes on its ability to bid for public contracts in the UK. This may impact strategic decisions made before and during an external investigation – read our article on what the UK Procurement Act 20023 means for investigations.

Further law reforms on the horizon

Corporate attribution:

• The senior manager test of corporate attribution, introduced for economic crimes in late 2023, is set to expand under the Crime and Policing Bill 2025 to all criminal offences.  It would mean that where a senior manager of a business (a company or partnership of any size), acting within the actual or apparent scope of their authority, commits a criminal offence, the organisation also commits that offence. We have written about the impact of this proposed change, and what businesses would need to do to be ready for it.
• The expansion may impact individual liability too for company officers. ‘Consent and connivance’ provisions, contained in many corporate offences, extend criminal liability to officers of a company where the company is guilty of a criminal offence, and the misconduct occurred with the consent or connivance of the officer, or in some cases attributable to their neglect.   If the senior manager test of attribution is extended to apply to all offences, then individual officers will be at greater risk of committing a ‘consent and connivance’ type offence.

The UK’s AML regime:

• will be subject to targeted amendments to deliver a more proportionate regime, close regulatory loopholes and respond to new risks in relation to money laundering and terrorist financing.
• interactions between AMLA (the new EU AML regulator) and the FCA will be watched with interest by those operating across borders in order to identify where the regulatory differences or similarities will occur.
• Helpfully for businesses, the Supreme Court ruled in 2025 that the Proceeds of Crime Act 2002 (POCA) only catches substantive money laundering acts committed in the UK. This simplifies the assessment for companies when considering whether to file a report with the UK National Crime Agency (NCA) to safely deal in the proceeds of crime in cross-border money laundering scenarios: El-Khouri v Government of the United States [2025] UKSC 3. 

Jury trials:

• the govt is proposing major reform to jury trials in an effort to cut back-logs. This would include judge only trials for “particularly technical and lengthy fraud and financial offences”.  We are yet to see the details but if the government follows the recommendation of a review led by Sir Brian Leveson which reported this year then the proposal to replace jury trials affects many of the offences that businesses (and those who work for them) can become embroiled in. Sir Brian’s report provided an indicative list of offences that fall within the scope of serious and complex fraud. The list includes money laundering, fraud, conspiracy to defraud, fraud by a company director, insider trading, and bribery. It is unclear whether it also includes ‘failure to prevent’ forms of the same offences.
• According to Sir Brian Leveson’s report, a study from the NSW Bureau of Crime Statistics and Research found that between 2011 and 2019, judge-alone trials resulted in a 12% higher likelihood of acquittal, as well as a significant reduction in the average length of trials. In Canada and New Zealand, jury waivers are already “tried and tested”.
• However, the proposal to replace jury trials is of great concern and is being contested by many groups, on many bases, including that “All empirical evidence shows that juries in this jurisdiction reach verdicts based on evidence and law…..The one stage in the criminal justice systems where Black, Asian and minority ethnic defendants do not face disproportionality is the jury verdict…”. ⁴

Reforms are in progress for private prosecutions, with a consultation contemplating more stringent requirements for private prosecutors. This area has come under increased scrutiny after some private prosecutors were found to have acted improperly, resulting in serious injustice. An egregious example is the Post Office scandal.

The High Court has clarified cost risks for private prosecutors in judicial review and underlying proceedings. Both developments may act as a brake on private prosecutions against businesses.

Internal investigations

SFO expectations

The SFO’s refreshed guidance on Corporate Cooperation and Enforcement emphasises early engagement, transparency, and preservation of evidence in internal investigations. For in-house teams, these shifts translate into higher expectations around the design and execution of internal investigations. Prosecutors will probe the provenance and integrity of digital evidence, the sequencing and scope of interviews, and the timeliness of preservation and production of contemporaneous materials. We wrote about self-reporting and cooperation aspect of the new guidance.

Well-structured investigations that align with SFO expectations can materially influence outcomes, whether towards a DPA, prosecution or no action.

Data privacy

Managing data privacy issues during an investigation is crucial, e.g. in relation to accessing devices on which there may be personal information. The Data (Use and Access) Act 2025 amends the UK data protection regime and, amongst other things, the Data (Use and Access Act) 2025 introduces a new “recognised legitimate interest” legal basis to process personal data.

Of the five recognised legitimate interest conditions, one is likely to be particularly relevant to crime and investigations – organisations will be able to rely on the legal basis where that processing is necessary for the purposes of detecting, investigating or preventing crime, or apprehending or prosecuting offenders.

Unlike the existing legitimate interest legal basis, it will not be mandatory to assess whether the rights, freedoms or interests of the data subject outweigh those of the data controller (preventing reliance on the legitimate legal basis if so). This additional flexibility is consistent with potential data subject rights exemptions that may apply in relation to processing for the purposes of prevention and detection of unlawful acts. Organisations must, however, consider whether the processing is necessary (not merely useful) for the relevant purpose of processing.

For in-house teams, this legal basis may give greater confidence in processing personal data in the context of crime-related investigations. Importantly, organisations must continue to comply with the wider data protection regime and obligations. For example, when processing special category data (such as data revealing race, political opinions, trade union membership, sexual orientation etc) the organisation must identify an additional condition to process the data and comply with specific requirements before doing so. In the case of crime and investigations this condition may be the substantial public interest condition for preventing or detecting unlawful acts. Similarly, if the personal data includes criminal offence data (ie personal data relating to criminal convictions and offences or related security measures, including suspicions and allegations) the organisation must identify an additional condition to process the data before doing so. For example, the substantial public interest condition (and associated requirements) of preventing or detecting unlawful acts may be appropriate. The relevant provisions will come into force in 2026.

NDAs

The Employment Rights Act 2025 (the 2025 Act) introduces constraints on the use of non-disclosure agreements in the context of discrimination and harassment. Employers will be prohibited from using NDAs to prevent a worker from making allegations or disclosing information relating to “relevant harassment or discrimination.” Any such term, whether in an employment contract, settlement agreement, or a standalone NDA, will be void once the provisions take effect. The new measure covers most forms of harassment and discrimination linked to protected characteristics under the Equality Act 2010, and it extends to disclosures about how the employer handled the underlying complaint.

The NDA restriction sits alongside existing reporting channels and legal protections:

• Already, NDAs cannot lawfully block reports of criminal conduct to law enforcement, a position which is now codified by the Victims and Prisoners Act 2024 with effect from 1 October 2025.  s17 Victims & Prisoners Act 2024 renders NDAs unenforceable against victims of crime (or those reasonably believing they are victims) insofar as they restrict disclosures to specified entities for defined purposes. Hot on its heels, the Victims and Courts Bill proposes to expand the carve-out, allowing victims and direct witnesses to disclose information to anyone for any purpose, and to limit NDA enforceability over disclosures about responses to criminal conduct.  The concept of “excepted NDAs” is envisaged, allowing confidentiality in limited, legitimate circumstances subject to criteria set by the Secretary of State.
• Likewise, whistleblowing law already prevents gagging clauses from curtailing protected disclosures, and the 2025 Act included an explicit provision to ensure that sexual harassment allegations can amount to qualifying disclosures for whistleblowing purposes.

Most market standard templates already reflect regulatory guardrails from the Solicitors Regulation Authority and the FCA, which allow disclosures to immediate family, professional advisers, medical practitioners, and certain authorities. Even so, the new statutory prohibitions will go further by voiding any attempt to suppress allegations of relevant harassment or discrimination.

Predictions for 2026

• The first corporate investigations using the senior manager test of attribution under s196 Economic Crime and Corporate Transparency Act 2023.
• UK-led initiatives signal sustained action against overseas bribery and failure to prevent risks.
• The integration of AI and machine learning into monitoring and investigations will accelerate, raising questions about model explainability, bias, and validation.
• The UK government will support further incentivisation for whistleblowers.
• A new misconduct in public office offence will be enacted, increasing focus on interactions with UK public officials. A&O Shearman provided pro bono support to Spotlight on Corruption in relation to the legislative development of this new offence in the Public Office (Accountability) Bill.
• Sectors:
  • Professional and business services (law, accountancy, and trust/company service providers): a focus on “professional enablers” make these firms a top enforcement priority, with intensified supervision and sanctions use, plus  consolidation of AML/CTF supervision under the FCA.
  • Defence and security supply chains: Rising defence spend and procurement reform will bring tighter scrutiny of programme integrity, supplier conduct, corruption controls, and insider risk management.
  • Crypto-asset related or adjacent businesses will face more scrutiny owing to increased SFO appetite and capability to combat crypto-related crime, and freeze such assets.
  • Financial services, payments, and beneficial ownership infrastructure: emphasis on ownership transparency and overseas entity data access will drive asset tracing and data driven, cross border supervisory action.
  • Property, real estate, and high end markets: ongoing concerns about laundering into UK property, combined with improved ownership transparency and sanctions implementation, ensure continued focus on real estate and high value assets.
  • Sports, especially English football: The new Independent Football Regulator, risk assessment coverage, and closer law enforcement links elevate football as a priority for corruption, illicit finance, and conduct risks.
  • Commodity and trade exposed sectors (gold, extractives, and critical minerals): focus on illicit gold flows, sanctions evasion, and responsible sourcing due diligence will drive cross border investigations and supply chain controls.

On the horizon

Looking further ahead than 2026 we predict that greenwashing and ‘AI-washing’ may form the basis of prosecutions where there has been harm to the UK public, as investors or otherwise. If AI powered technology is involved with harm, we may see the criminal law develop to allocate responsibility for such harm, perhaps on a strict liability, ‘failure to prevent’ or other basis.

Quotes

Chambers Corporate Crime & Investigations UK Guide 2025: London (Firms): A&O Shearman has great strength in all departments and is internationally renowned (Corporate Crime & Investigations respondent UK)

Legal500: Fraud: white-collar crime (advice to individuals): ‘A superb team with strengths at all levels.’

Legal 500: Regulatory investigations and corporate crime (advice to corporates): “An outstanding group of individuals who are versatile and always looking for practical solutions.”

Chambers, UK Guide 2026 Corporate Crime & Investigations respondent: “[Eve Giles] is one of the best of her generation for corporate crime matters.” and “Eve is an outstandingly conscientious lawyer. She has become a real power in white-collar and money-laundering law and is very sure-footed and an exceptionally talented lawyer.”

Footnotes

1. Sara Chouraqui, 10 December, GIR online interview

2. Crime & Policing Bill

3. AOG Technics Ltd – GOV.UK; Five charged by SFO over collapse of law firm Axiom Ince – GOV.UK 

4. Cheryl Thomas “Ethnicity & the Fairness of Jury Trials in England and Wales 2006-2014” [2017] Criminal Law Review, Issue 11. This finding is cited at p.291 of the Review.