The Serious Fraud Office spent seven years investigating Ultra Electronics before a judge approved a fifteen million pound Deferred Prosecution Agreement in May 2026. Ten million in penalties and four point eight million in investigation costs, all stemming from bribery offences that stretched across Algeria, Oman and eventually every jurisdiction the company operated in. The company self-reported back in 2018, changed ownership entirely when Advent International took it private in 2022, replaced its leadership, restructured its compliance systems and still ended up writing a very large cheque.
That outcome tells you something important about where UK white-collar enforcement sits right now. The SFO moves slowly, sometimes painfully so, but when it lands the numbers are real and the company that comes out the other side rarely looks anything like the one that went in.
The Laws That Get Used in These Cases
There’s no single white-collar crime statute in the UK. The charges get pulled from different Acts depending on what allegedly happened and prosecutors will often layer multiple charges from different legislation on the same set of facts.
- Fraud Act 2006 — the workhorse. Section 2 covers fraud by false representation, Section 3 deals with failing to disclose information and Section 4 handles abuse of position, which is the one that catches directors and senior employees most often. Maximum sentence: ten years.
- Bribery Act 2010 — widely considered one of the toughest anti-bribery laws globally. Section 7 creates a strict liability corporate offence of failing to prevent bribery. The only defence is proving “adequate procedures” were in place. This is what caught Ultra Electronics.
- Proceeds of Crime Act 2002 — gives prosecutors and the NCA powers to confiscate criminal proceeds and pursue money laundering charges. Up to fourteen years’ imprisonment.
- Companies Act 2006 — covers fraudulent trading (Section 993), false statements to auditors, and directors’ duties breaches.
- Economic Crime and Corporate Transparency Act 2023 (ECCTA) — the big one. Introduced the failure to prevent fraud offence from 1 September 2025.
That last Act changed everything so it’s worth understanding properly. It applies to large organisations meeting at least two of three thresholds: turnover over thirty-six million pounds, balance sheet over eighteen million, or more than 250 employees. Before ECCTA prosecutors had to prove a senior manager directed or participated in fraud to hold the company liable. Now if an “associated person” — employee, agent, subsidiary, consultant, including those based outside the UK — commits fraud for the organisation’s benefit and reasonable prevention procedures weren’t in place, the company is automatically on the hook.
Worth sitting with that for a moment. A consultant working from Singapore who commits fraud benefiting a London-headquartered company can trigger criminal liability for the UK entity if prevention procedures weren’t documented and followed.
How the SFO Puts a Case Together Before Anyone Knows
Although you may assume that investigations begin with a knock on the door, the SFO often spends months discreetly constructing the image by that point. They trace money transfers across jurisdictions and frequently work in tandem with counterpart agencies in the US and EU to obtain banking and transaction records through production orders and requests for international mutual legal assistance.
For prosecutors, internal communications are a treasure trove. Slack threads, Teams chats, WhatsApp messages, and emails. In terms of gaining access to digital communications, the SFO has been more assertive, and courts have typically supported extensive disclosure requests. Three years hence, a disposable message sent on a Tuesday at eleven p.m. might be used as evidence in a prosecution.
Because the lack of documented compliance procedures constitutes proof of the crime under the new ECCTA framework, compliance and audit records are closely examined. Additionally, the importance of whistleblower reports is growing each. Inspired by the US model, SFO Director Nick Ephgrave actively supported cash rewards for whistleblowers throughout the most of his career before announcing his resignation in March 2026. In the 2025 Budget, HMRC launched a formal whistleblower reward program for revealing tax fraud, and the SFO wants the same for economic crime.
The Ultra Electronics Timeline
Worth walking through because it shows what seven years of investigation actually looks like from the inside.
When Ultra Electronics self-reported possible corruption in Algeria in 2018, it all began. The probe was extended to Oman in late 2022. By 2024, the SFO had examined every country in which the business conducted business worldwide. The SFO concluded that there were insufficient prerequisites for a “meaningful agreement” and actually left the table when DPA negotiations began.
After that, the company’s ownership changed. In August 2022, Advent International delisted it from the FTSE 250, turned it private, and appointed completely new executives. Negotiations didn’t start up again until the SFO was convinced that the new management had “both the willingness and the capacity to engage in good faith.”
The outcome was the SFO’s first successful corporate bribery enforcement case since Glencore’s record-breaking 276 million pounds in 2022, as well as its first DPA in five years.
Seven years. An entirely new corporate identity. And still fifteen million pounds out the door.
Deferred Prosecution Agreements — What They Actually Are
A DPA is essentially a deal between the prosecutor and the company where prosecution gets suspended provided the company meets conditions. Those conditions typically include a financial penalty, disgorgement of profits, payment of investigation costs, continued cooperation with the prosecutor and a corporate renewal programme. A judge has to approve the agreement as being in the interests of justice with terms that are fair, reasonable and proportionate.
The SFO has completed twelve DPAs in total ever. Companies self-reported in nine of those twelve.
On 24 April 2025 the SFO published new cooperation guidance that was the strongest signal yet on how self-reporting would be treated:
- Companies that self-report and cooperate fully can now expect to be invited to negotiate a DPA rather than face prosecution, unless exceptional circumstances apply.
- The SFO commits to making contact within 48 hours of receiving a self-report.
- Decision on whether to open an investigation: within six months.
- DPA negotiations, once started: generally concluded within six months.
- A knowing failure to promptly self-report now “weighs heavily against” the company.
The approach deliberately mirrors developments in the US where federal prosecutors have refined what legal commentators call the “carrots and sticks” model over the past decade, rewarding voluntary disclosure while making the consequences of non-cooperation significantly harsher.
The G4S Case — When the Company Pays and the Individuals Walk Free
This one is worth knowing about because it shows how corporate and individual liability can pull in completely opposite directions.
G4S agreed a forty-four million pound DPA with the SFO in 2020 for fraud against the Ministry of Justice over a prisoner-tagging contract. The company admitted guilt for misleading the government about its actual profits. Three executives were separately charged with seven counts of fraud for false representations they’d allegedly made to the MoJ between 2009 and 2012.
All three were acquitted at the Old Bailey in March 2023 after the SFO halted the case, stating it was “no longer in the public interest” to pursue charges. The executives described the DPA as “G4S signing a false confession.”
So the company paid forty-four million. The individuals walked free. What the company admits for pragmatic reasons and what individual directors actually did can be entirely different legal questions and that tension runs through every single white-collar investigation.
What Early Legal Engagement Looks Like in Practice
The gap between identifying a possible problem and determining whether to self-report is the most crucial stage of any white-collar situation, according to the SFO’s own guidelines. Businesses can approach the SFO without conducting a thorough investigation, but they must have sufficient knowledge to make a credible disclosure.
This means that before anyone has the brilliant notion to “tidy up” their inbox, an internal investigation must be conducted promptly in order to scope the possible behaviour, preserve records, identify key custodians, and secure digital communications. The voluntary release of legal privilege over internal investigation interview records is specifically addressed in the SFO’s new advice. This is an important choice because it bears downstream litigation risk and is irreversible.
The SFO is rarely the only party involved in white-collar cases. Cross-regulator collaboration has significantly increased, and the FCA, PRA, HMRC, NCA, and CMA may all have concurrent authority. The FCA in particular has shifted toward data-led early detection using AI and analytics to spot anomalies before formal investigations even begin, commencing fewer but higher-impact enforcement actions.
And document preservation matters from day one. Under POCA and the Criminal Procedure and Investigations Act 1996 destroying or concealing documents relevant to an investigation is itself a criminal offence. The moment a potential issue surfaces a litigation hold needs to go in place across the organisation.
Where UK Enforcement Is Heading
The direction is clear even if the pace is debatable.
- SFO — wider pre-investigation powers, clearer cooperation guidance, twelve DPAs completed with Ultra Electronics signalling renewed appetite for corporate resolutions.
- FCA — operating as a data-led regulator, commencing fewer but higher-impact enforcement investigations. AI-driven anomaly detection is identifying misconduct earlier in the cycle.
- CMA — gained strengthened investigatory and penalty powers under the Digital Markets, Competition and Consumers Act 2024.
- Cross-regulator coordination between SFO, FCA, PRA, OFSI and NCA has moved from occasional to routine.
- HMRC whistleblower reward scheme announced in the 2025 Budget, with the SFO publicly advocating for equivalent incentives for economic crime reporting.
For companies operating in regulated sectors the message from every enforcement body is consistent. Have procedures in place, document them, follow them, review them, and if something goes wrong report it early and cooperate fully. The alternative, waiting to be found, is getting more expensive with every passing year.
This article is for informational purposes only and does not constitute legal advice. White-collar criminal matters are complex and jurisdiction-specific. Readers should consult a qualified legal professional for guidance specific to their circumstances.