The UK’s reinvigorated enforcement landscape in 2026

The SFO: speed, partnership, and the new “deal” for corporates

The SFO enters the year as the most visible symbol of the shift in UK enforcement dynamics. Clear indications of a change in tempo include more visible use of intrusive powers, a pipeline of fraud and bribery matters, and renewed public commitments to accelerate case progression. Whether this represents a lasting improvement will become clearer as investigations pass through the system, but the operational signals are notable.

In January 2025, the agency secured its first Unexplained Wealth Order, signalling a more assertive use of its full enforcement toolkit. And then in late November 2025, the SFO executed coordinated dawn raids connected to its investigation into Basis Markets, a cryptocurrency investment scheme. The action underlines the agency’s continued willingness to deploy its search powers in complex, fast-moving investigations.

The SFO’s April 2025 guidance on cooperation and enforcement created, for the first time, a clear presumption in favor of DPAs where companies self-report suspected wrongdoing and cooperate fully, “unless exceptional circumstances apply”. SFO director Nick Ephgrave called the change a “cast-iron guarantee” – a deliberate move to provide the certainty that boards and general counsels have long sought. At the same time, commentators have questioned how this approach will sit alongside the judiciary’s independent duty to assess whether any DPA is in the interests of justice and whether its terms are fair and proportionate.

The agency has coupled this pragmatic “carrot” with unprecedented timelines: contact within 48 hours of a self-report, a decision on investigation within six months, and the expectation that any DPA negotiations, where they occur, should conclude within a further six. These commitments, together with public assurances of faster case progression, reflect an ambition to shed the perception of delay that has dogged major investigations in recent years, though the real test lies in delivery rather than aspiration.

Running in parallel is a broader prevention-led partnership with business. The SFO’s 2024–29 Strategy and subsequent Business Plan frame this partnership as a shared enterprise: helping companies benchmark controls, share intelligence, and build fraud-resilient cultures. Michael Gallagher, the agency’s chief investigator, has described the goal as balancing “the carrot and the stick”: offering insight and collaboration for those committed to strong governance, while reserving tougher tools for those who aren’t. It is a more supervisory, quasi-regulatory posture – yet anchored to an active enforcement agenda.

The “stick”: Failure to Prevent Fraud and expanded liability

The centerpiece of that agenda is the FtPF offense, which took effect on 1 September 2025 under the Economic Crime and Corporate Transparency Act 2023 (ECCTA). The offense imposes strict liability on large organizations when an employee, agent, subsidiary, or other associated person commits a fraud to benefit the company, unless the company can prove it had “reasonable procedures” in place to prevent the fraud.

Ephgrave has been explicit about his intent: he is “very, very keen to prosecute” under the new law, warning that “if companies haven’t sorted themselves out, we’re coming after them.” The official guidance emphasises six core principles – including top-level commitment, risk assessment, and ongoing monitoring – requiring a documented, proportionate set of controls.

ECCTA introduced a second, often-overlooked reform: a new senior manager attribution rule making it easier to hold companies directly liable for the acts of senior managers. Unlike the FtPF offense, this rule carries no “reasonable procedures” defense. Together, these measures expand the enforcement toolkit dramatically, creating a powerful incentive for early engagement with authorities.

Beyond the SFO: a wider enforcement ecosystem

The UK’s new Anti-Corruption Strategy (ACS), launched in December 2025, now provides the overarching framework for a wider enforcement ecosystem, treating corruption as both a national security risk and a drag on growth and bringing together law enforcement capability, institutional integrity reforms, and international initiatives under a single three-pillar plan.

In August 2025, HMRC brought its first-ever prosecution under the failure to prevent the facilitation of tax evasion offense – nearly eight years after the Criminal Finances Act 2017 created the offense. The case against a small accountancy firm from the North West of England signals a new willingness to use the legislation in court. The case also underscores the direction of travel: all parts of the economic crime framework are being tested in practice.

Under ECCTA, Companies House has begun exercising its expanded powers, verifying directors’ identities, querying suspicious filings, and striking off dormant or fraudulent entities. Its shift from passive registrar to active gatekeeper marks one of the most significant operational transformations in UK corporate regulation in decades.

The Insolvency Service, traditionally focused on post-failure misconduct, is pursuing a five-year strategy to “play a leading role in tackling economic crime”. The agency is expanding its investigation and prosecution remit and building a referral pipeline with Companies House – part of a broader whole-system approach championed by the National Economic Crime Centre (NECC). A recent multi-agency sweep led by the NECC saw over 11,000 companies struck off, combining intelligence from The Insolvency Service, HMRC, and Companies House in a single coordinated action.

The National Crime Agency (NCA) has also stepped up its activity. In Operation Machinize, which targeted barbershops and other cash-heavy businesses, the NCA coordinated a huge nationwide crackdown on large-scale fraud and money-laundering networks, targeting high-harm organized groups and seizing significant digital evidence.

In parallel, the ACS commits to expanding the City of London Police’s Domestic Corruption Unit and piloting artificial intelligence-enabled “corruption investigation assistants” for regional and local forces, designed to help investigators interrogate years of suspicious activity reports and other datasets in minutes rather than months.

Rising expectations for corporate compliance

For businesses, these developments mean a substantive refresh of compliance controls is necessary. The new FtPF offense requires a dedicated fraud risk assessment – expected by the UK government to take 100–130 hours for large organizations – and many companies are using this as an opportunity to stress-test and uplift existing procedures.

The SFO’s new DPA model adds a further dimension: timing. Companies will have to assess issues early and decide swiftly whether to self-report. The guidance makes clear that forum-shopping – reporting to foreign authorities while delaying UK engagement – may be treated as uncooperative. The risk of parallel exposure is real: where U.S. prosecutors focus narrowly on individual accountability, the United Kingdom is doubling down on corporate liability.

International enforcement dynamics

These domestic reforms coincide with a shift abroad. The U.S. Department of Justice’s revised Foreign Corrupt Practices Act guidance creates potential gaps in cross-border enforcement. The SFO has moved quickly to fill that space, deepening its collaboration with the DOJ and European counterparts through new task forces and its recent accession to the International Anti-Corruption Coordination Centre.

The ACS commits to a Countering Illicit Finance Summit, an expanded network of overseas illicit-finance experts, and a renewed focus on sanctions evasion and kleptocracy.

Against this backdrop, the UK’s strategy is distinctive. Rather than positioning itself as the harshest enforcer, it seeks to be the most predictable – offering clear rules, expedited resolutions, and consistent treatment for companies that engage early. That balance of toughness and certainty is a competitive advantage in the global enforcement marketplace, but time will tell whether big corporates will take the SFO seriously after years of high-profile failures.

Practical takeaways for corporates

• Prepare for FtPF. Large organizations should prioritise the dedicated fraud risk assessment required under the new offense and ensure the findings translate into proportionate enhancements to controls.
• Strengthen integrated prevention frameworks and re-map corruption risk in UK “growth” sectors. Anti-fraud, anti-bribery, and tax-evasion controls should sit within a single governance structure, supported by clear ownership, senior manager mapping, and documented decision-making lines, with particular focus on procurement and public-service touchpoints in sectors such as construction, infrastructure, housing, health, and technology. Boards should be able to demonstrate active oversight of how these frameworks operate in practice.
• Prepare for rapid engagement with authorities. Internal investigation protocols should support early escalation, swift evidence preservation, and (if appropriate) timely self-reporting decisions. Be ready for coordinated multi-agency action.
• Anticipate shifts in whistleblowing risk. The ACS signals that whistleblowing reforms – including potential financial incentives for economic-crime reports – are on the horizon. Firms should make sure internal speak-up routes are trusted and effective.

The UK’s enforcement environment is entering a new phase. The combination of the SFO’s transactional approach, the arrival of FtPF, and greater operational activity across agencies signals a system designed for both deterrence and dialogue. But meaningful change will depend on whether these developments deliver sustained progress on the ground. 2026 is likely to be a year of steady change, and if enforcement agencies keep up the pace and the ACS is delivered in practice, it could be when the United Kingdom finally starts to re-emerge as a global leader in tackling complex corporate crime.

Authored by Reuben Vandercruyssen, Liam Naidoo, and Michael Roberts.