The Serious Fraud Office spent seven years investigating Ultra Electronics before a judge approved a fifteen million pound Deferred Prosecution Agreement in May 2026. Ten million in penalties and four point eight million in investigation costs, all stemming from bribery offences that stretched across Algeria, Oman and eventually every jurisdiction the company operated in. The company self-reported back in 2018, changed ownership entirely when Advent International took it private in 2022, replaced its leadership, restructured its compliance systems and still ended up writing a very large cheque.
That outcome tells you something important about where UK white-collar enforcement sits right now. The SFO moves slowly, sometimes painfully so, but when it lands the numbers are real and the company that comes out the other side rarely looks anything like the one that went in.
The Laws That Get Used in These Cases
There’s no single white-collar crime statute in the UK. The charges get pulled from different Acts depending on what allegedly happened and prosecutors will often layer multiple charges from different legislation on the same set of facts.
- Fraud Act 2006 — the workhorse. Section 2 covers fraud by false representation, Section 3 deals with failing to disclose information and Section 4 handles abuse of position, which is the one that catches directors and senior employees most often. Maximum sentence: ten years.
- Bribery Act 2010 — widely considered one of the toughest anti-bribery laws globally. Section 7 creates a strict liability corporate offence of failing to prevent bribery. The only defence is proving “adequate procedures” were in place. This is what caught Ultra Electronics.
- Proceeds of Crime Act 2002 — gives prosecutors and the NCA powers to confiscate criminal proceeds and pursue money laundering charges. Up to fourteen years’ imprisonment.
- Companies Act 2006 — covers fraudulent trading (Section 993), false statements to auditors, and directors’ duties breaches.
- Economic Crime and Corporate Transparency Act 2023 (ECCTA) — the big one. Introduced the failure to prevent fraud offence from 1 September 2025.
That last Act changed everything so it’s worth understanding properly. It applies to large organisations meeting at least two of three thresholds: turnover over thirty-six million pounds, balance sheet over eighteen million, or more than 250 employees. Before ECCTA prosecutors had to prove a senior manager directed or participated in fraud to hold the company liable. Now if an “associated person” — employee, agent, subsidiary, consultant, including those based outside the UK — commits fraud for the organisation’s benefit and reasonable prevention procedures weren’t in place, the company is automatically on the hook.
Worth sitting with that for a moment. A consultant working from Singapore who commits fraud benefiting a London-headquartered company can trigger criminal liability for the UK entity if prevention procedures weren’t documented and followed.
How the SFO Puts a Case Together Before Anyone Knows
You might think investigations start with a knock on the door but by the time that happens the SFO has usually spent months quietly assembling the picture. They obtain banking and transaction records through production orders and international mutual legal assistance requests, tracing money flows across jurisdictions and often coordinating with counterpart agencies in the US and EU simultaneously.
Internal communications are a goldmine for prosecutors. Emails, Teams chats, WhatsApp messages, Slack threads. The SFO has become increasingly aggressive about accessing digital communications and courts have generally backed broad disclosure orders. A throwaway message sent at eleven pm on a Tuesday can end up as exhibit one in a prosecution three years later.
Compliance and audit records get scrutinised heavily because under the new ECCTA framework the absence of documented compliance procedures is itself evidence of the offence. And whistleblower reports are becoming a bigger factor every year. SFO Director Nick Ephgrave, who announced he’d be stepping down in March 2026, spent much of his tenure publicly advocating for financial incentives for whistleblowers inspired by the US model. HMRC announced a formal whistleblower reward scheme in the 2025 Budget for tax fraud reporting and the SFO wants the same for economic crime.
The Ultra Electronics Timeline
Worth walking through because it shows what seven years of investigation actually looks like from the inside.
It started in 2018 when Ultra Electronics self-reported suspected corruption in Algeria. Late 2022 the investigation expanded to Oman. By 2024 the SFO was looking at every jurisdiction the company operated in globally. DPA negotiations started but the SFO actually walked away from the table, concluding that conditions for a “meaningful agreement” weren’t in place.
Then the company changed hands. Advent International took it private in August 2022, delisted it from the FTSE 250 and installed entirely new leadership. Only after the SFO satisfied itself that the new management had what it called “both the willingness and the capacity to engage in good faith” did negotiations resume.
The result was the SFO’s first DPA in five years and its first successful corporate bribery enforcement action since Glencore’s record-breaking two hundred and seventy-six million pound penalty in 2022.
Seven years. An entirely new corporate identity. And still fifteen million pounds out the door.
Deferred Prosecution Agreements — What They Actually Are
A DPA is essentially a deal between the prosecutor and the company where prosecution gets suspended provided the company meets conditions. Those conditions typically include a financial penalty, disgorgement of profits, payment of investigation costs, continued cooperation with the prosecutor and a corporate renewal programme. A judge has to approve the agreement as being in the interests of justice with terms that are fair, reasonable and proportionate.
The SFO has completed twelve DPAs in total ever. Companies self-reported in nine of those twelve.
On 24 April 2025 the SFO published new cooperation guidance that was the strongest signal yet on how self-reporting would be treated:
- Companies that self-report and cooperate fully can now expect to be invited to negotiate a DPA rather than face prosecution, unless exceptional circumstances apply.
- The SFO commits to making contact within 48 hours of receiving a self-report.
- Decision on whether to open an investigation: within six months.
- DPA negotiations, once started: generally concluded within six months.
- A knowing failure to promptly self-report now “weighs heavily against” the company.
The approach deliberately mirrors developments in the US where federal prosecutors have refined what legal commentators call the “carrots and sticks” model over the past decade, rewarding voluntary disclosure while making the consequences of non-cooperation significantly harsher. Daniel Selby, a US-based financial analyst covering cross-border enforcement trends, has noted that the SFO’s updated framework borrows directly from this DOJ playbook and the convergence between UK and US corporate enforcement is accelerating.
The G4S Case — When the Company Pays and the Individuals Walk Free
This one is worth knowing about because it shows how corporate and individual liability can pull in completely opposite directions.
G4S agreed a forty-four million pound DPA with the SFO in 2020 for fraud against the Ministry of Justice over a prisoner-tagging contract. The company admitted guilt for misleading the government about its actual profits. Three executives were separately charged with seven counts of fraud for false representations they’d allegedly made to the MoJ between 2009 and 2012.
All three were acquitted at the Old Bailey in March 2023 after the SFO halted the case, stating it was “no longer in the public interest” to pursue charges. The executives described the DPA as “G4S signing a false confession.”
So the company paid forty-four million. The individuals walked free. What the company admits for pragmatic reasons and what individual directors actually did can be entirely different legal questions and that tension runs through every single white-collar investigation.
What Early Legal Engagement Looks Like in Practice
The SFO’s own guidance makes clear that the window between discovering a potential issue and deciding whether to self-report is the most critical phase of any white-collar matter. Companies don’t need to fully investigate before approaching the SFO but they do need enough understanding to make a credible disclosure.
That means internal investigation has to happen quickly, scoping the potential conduct, preserving documents, identifying key custodians and securing digital communications before anyone has the bright idea to “tidy up” their inbox. The SFO’s updated guidance explicitly addresses voluntary waiver of legal privilege over internal investigation interview records which is a significant decision because it’s irreversible and carries downstream litigation risk.
White-collar cases rarely involve the SFO alone. The FCA, PRA, HMRC, NCA and CMA may all have concurrent jurisdiction and cross-regulator coordination has intensified considerably. The FCA in particular has shifted toward data-led early detection using AI and analytics to spot anomalies before formal investigations even begin, commencing fewer but higher-impact enforcement actions.
And document preservation matters from day one. Under POCA and the Criminal Procedure and Investigations Act 1996 destroying or concealing documents relevant to an investigation is itself a criminal offence. The moment a potential issue surfaces a litigation hold needs to go in place across the organisation.
Where UK Enforcement Is Heading
The direction is clear even if the pace is debatable.
- SFO — wider pre-investigation powers, clearer cooperation guidance, twelve DPAs completed with Ultra Electronics signalling renewed appetite for corporate resolutions.
- FCA — operating as a data-led regulator, commencing fewer but higher-impact enforcement investigations. AI-driven anomaly detection is identifying misconduct earlier in the cycle.
- CMA — gained strengthened investigatory and penalty powers under the Digital Markets, Competition and Consumers Act 2024.
- Cross-regulator coordination between SFO, FCA, PRA, OFSI and NCA has moved from occasional to routine.
- HMRC whistleblower reward scheme announced in the 2025 Budget, with the SFO publicly advocating for equivalent incentives for economic crime reporting.
For companies operating in regulated sectors the message from every enforcement body is consistent. Have procedures in place, document them, follow them, review them, and if something goes wrong report it early and cooperate fully. The alternative, waiting to be found, is getting more expensive with every passing year.
This article is for informational purposes only and does not constitute legal advice. White-collar criminal matters are complex and jurisdiction-specific. Readers should consult a qualified legal professional for guidance specific to their circumstances.