Does the SFO Director's speech mean my organisation is at risk?

A speech about enforcement intent does not mean any particular organisation is under investigation or at elevated risk. It signals that the SFO is treating the offence as a priority enforcement tool. Whether any organisation is in scope or at risk requires a legal assessment of its specific circumstances.

Does active enforcement mean our procedures are inadequate?

No. Active enforcement posture means the SFO is taking the offence seriously as a tool, not that procedures of a particular organisation are inadequate. Adequacy is assessed against the facts of a specific organisation and the six Home Office principles, with qualified legal review.

Enforcement posture

SFO enforcement posture 2026 and ECCTA evidence readiness.

Q: Should we include the SFO speech in board papers?

It can be useful as context for why ECCTA evidence work is a board-level priority. The safe framing is: enforcement posture has become more active; these are the steps we are taking to organise evidence of our prevention procedures.

A sourced guide to what the SFO Director's June 2026 speech means for evidence teams — how to use enforcement posture context in board work without overclaiming investigation status or certain prosecution outcomes.

What the SFO Director said in June 2026

In a June 2026 anti-corruption conference speech, the SFO Director described the failure-to-prevent-fraud offence as a tool the SFO is committed to using fully — both as a prosecution route and as a mechanism for driving cultural change in how organisations manage fraud risk.

The Director noted that conduct committed anywhere in the world with a UK nexus is captured, highlighting the extraterritorial reach of the offence as a significant feature.

Posture signals from official speeches indicate enforcement intent, not the likelihood of any particular outcome for a specific organisation. They do not mean any named organisation is under investigation or will be prosecuted.

How to use posture context in evidence work

Posture signals support the internal case for investing in evidence readiness. They are useful for board papers and internal risk assessments that explain why ECCTA evidence work is a priority.

They should not be translated into claims about whether a specific organisation is likely to be investigated or prosecuted. That assessment requires legal advice specific to the organisation's circumstances.

The safe framing is: enforcement posture has become more active; the organisation is taking steps to organise evidence of fraud-prevention procedures so that it can respond to any enquiry from a position of documented preparedness.

The SFO compliance-programme evaluation guidance remains central

The SFO compliance-programme evaluation guidance published in November 2025 describes how the SFO may evaluate a corporate compliance programme — including for ECCTA failure-to-prevent-fraud purposes.

It focuses on whether controls operated in practice, not just whether policies existed. A board paper or adviser workpaper should show who owned each control, when it ran, what evidence was reviewed, and what exceptions were found.

What makes evidence useful at this enforcement posture level

When enforcement is active, the difference between a reviewable defence file and a scattered set of policies and emails becomes material. The workpaper that helps is one that shows, by procedure and by period, what existed, who reviewed it, and what changed.

Key elements: a dated scope-screening analysis, a fraud risk assessment with scenario-to-control mapping, per-principle evidence items with reviewer decisions, an associated-person due-diligence log, and a board-pack blocker register showing open gaps.

These elements are useful regardless of enforcement posture, but posture context makes the internal prioritisation case clearer.

Extraterritorial reach: what it means for evidence scope

The SFO Director's speech highlighted that the failure-to-prevent-fraud offence captures conduct anywhere in the world where there is a UK nexus. For groups with overseas operations, that means the associated-person population and the fraud risk assessment cannot be limited to UK-based activities.

Evidence scope should reflect the organisation's actual associated-person footprint — including overseas agents, distributors, and intermediaries — to the extent that those relationships could engage the offence.

Whether any particular overseas relationship creates a UK nexus is a legal determination; the evidence file should capture the relationships and the review conclusions, not assert a scope finding.