The Crown Prosecution Service (CPS) and the Serious Fraud Office (SFO) have jointly updated their Corporate Prosecutions Guidance (the Guidance), providing clarified expectations for organisations in relation to economic crime, fraud and corporate liability. This update comes at a critical time: the new “failure to prevent” offence will come into force on 1 September 2025. This new offence creates a corporate criminal liability where an associated person of the organisation fails to prevent the commission of certain criminal offences such as bribery, fraud and tax evasion.
The convergence of this Guidance and a new statutory offence significantly raises the stakes for compliance teams and senior management. Whilst the Guidance is presented as a milestone in tackling economic crime, there are serious questions about whether it is realistic, workable or even fair in practice.
Who Does This Apply To?
Notably, the Guidance signals the level of scrutiny the authorities expect from boards and compliance teams of corporate entities. Corporate entities encompass any body that is capable of being prosecuted in its own name and include limited liability partnerships, general partnerships, clubs, associations and, in some circumstances, entities incorporated under foreign law.
Key Points From the Guidance
Liability Framework
The failure to prevent offence targets large organisations (e.g., those with >250 employees, turnover >£36 million or a balance sheet total of >£18 million). Unless these organisations have “reasonable” fraud-prevention procedures in place, they will be automatically criminally liable irrespective of whether they intend or are aware of the commission of the specified underlying criminal conduct. It is not yet clear, however, what “reasonable measures” encompass, which can create a compliance guessing game.
The Guidance also expands the identification doctrine previously established under the Economic Crime and Corporate Transparency Act 2023. Prosecutors no longer need to establish that the individual was the “directing mind and will” of the company. Rather, broader provisions make it easier to prosecute companies for actions of employees, agents or subsidiaries irrespective of whether the individual holds a formal board position. It is sufficient to show that the individual is a “senior manager” who plays a significant role in the making of decisions about how the whole or a substantial part of the organisation’s activities are to be managed or organised. Therefore, even the indirect involvement of organisations can trigger liability, emphasising the need for proactive controls.
Factors in Prosecutorial Decision
The CPS and SFO will consider:
- The nature and seriousness of the offence.
- Effectiveness of compliance systems and internal controls.
- Organisational culture and governance.
- Level of cooperation with authorities.
It is evident that having policies in place formally is not enough. The relevant authorities will evaluate if these policies are actually embedded in daily operations. This includes reviewing and assessing the culture and tone from senior members of the organisation, as much as any formal training and controls in place.
Sentencing Considerations
Fines may be influenced by the company’s turnover, the seriousness of the breach and whether self-reporting or remediation occurred. Organisations are expected to provide comprehensive accounts for the last three years. Even small lapses could scale into significant fines if the company fails to show it had preventative measures and was not forthcoming in its disclosure.
Voluntary disclosure and remediation can also be meaningful ways to mitigate exposure to fines. However, whilst it is encouraged, full immunity is not guaranteed. Organisations must be aware that prosecutors still reserve the right to prosecute in “exceptional circumstances”.
Interaction Between CPS and SFO
The Guidance clarifies which cases the SFO will typically handle (complex fraud, corruption or bribery), while the CPS covers a broader range of corporate offences. However, both are already stretched thin with ongoing investigations. There is a real risk of bottlenecks, delays and selective enforcement, undermining credibility.
Practical Implications
Companies should ensure they:
- Maintain robust compliance programs.
- Conduct regular training and monitoring.
- Document risk assessments and controls.
- Implement whistleblowing and reporting mechanisms.
The emphasis is on evidence: document what you do, train staff and monitor activity. However, the Guidance disproportionately affects large organisations, which must organise the training and monitoring of a large number of employees, as well as put reporting structures in place, at pace.
Compliance Takeaways
Organisations should review the following:
- Compliance frameworks: ensure policies, procedures and monitoring systems are up to date and effective;
- Enhance governance oversight: boards and senior management should actively oversee compliance programs;
- Document preventive measures: keep clear records of training, risk assessments and internal controls to demonstrate proactive prevention; and
- Prepare for enforcement: establish protocols for cooperation with CPS and SFO investigations, including voluntary disclosures if breaches occur.
Conclusion
With the “failure to prevent” offence coming into force imminently, combined with this updated Guidance, companies must ensure that prevention measures, systems, governance and documentation are fully aligned with UK prosecutorial expectations. This reinforces the importance of embedding compliance and ethical conduct into every level of the organisation. Nevertheless, the lack of clear standards and processes means this Guidance can prove more symbolic than effective.