SFO guidance

SFO guidance and evidence in operation for ECCTA workpapers.

A practical guide for legal, compliance, financial-crime, governance, and adviser teams using the SFO compliance-programme evaluation guidance without overstating what software or policies can prove.

The SFO guidance is about operation, not paper alone

The SFO compliance-programme evaluation guidance says policies, procedures, and controls alone do not mean a compliance programme is effective.

For ECCTA failure-to-prevent-fraud evidence teams, that means a file should show how controls operated: who owned the control, when it ran, what evidence was checked, what exception was found, and what changed afterwards.

Use three time horizons

The guidance describes evaluation of a programme at different points, including the time of relevant conduct, the current state of the programme, and expected future reform where a DPA or other outcome requires it.

A defence-file workflow can mirror that structure without predicting any enforcement outcome: what existed then, what exists now, and what planned action remains open.

Collect operational evidence by control type

Useful evidence includes fraud risk assessment updates, due-diligence samples, approvals, exception reports, monitoring outputs, training records, issue remediation, whistleblowing trend review, and board or committee oversight records.

Each item should keep owner, date, source, review status, linked scenario, reviewer decision, and replacement lineage visible.

Keep human review separate from draft classification

AI-assisted classification can help triage evidence, but the SFO-facing question is whether the organisation can explain and evidence the programme's operation.

DefenceFile therefore keeps draft classification separate from human-approved mapping and records audit events for material review decisions.

Use posture context carefully

The Joint CPS-SFO Corporate Prosecutions guidance and the SFO Director's June 2026 speech are useful posture context for buyer readiness work.

They should not be turned into claims about whether any specific organisation is under investigation, likely to be prosecuted, or likely to receive a particular outcome.