Serious Fraud Office’s Deferred Prosecution Agreement with Ultra Electronics: what businesses should take from the May 2026 agreement

It marks the SFO’s first DPA since 2021 and provides a timely indication of how the agency is approaching corporate bribery enforcement, cooperation and compliance remediation. 

For businesses operating in higher-risk jurisdictions, or using agents, intermediaries and joint venture structures, the case is a practical reminder that anti-bribery controls must be real, tested and embedded across the business.

What is a DPA?

A DPA is a statutory mechanism that allows a corporate body such as a company, partnership or unincorporated association to avoid immediate prosecution for certain economic offences if it agrees to comply with terms negotiated with the prosecutor and approved by the court.

In England and Wales, the regime is set out in Schedule 17 to the Crime and Courts Act 2013  (“the Act”).

Under that legislation, the prosecutor (usually the SFO or Crown Prosecution Service) may invite an organisation to enter into DPA negotiations in relation to specified offences, including fraud, bribery and money laundering offences. If agreed, the prosecution is instituted but automatically suspended once the DPA is approved by the Crown Court. 

The court must be satisfied that the DPA is in the interests of justice and that its terms are fair, reasonable and proportionate. Typical terms may include payment of a financial penalty, disgorgement of profits, compensation, cooperation obligations, compliance improvements and ongoing reporting. If the organisation complies with the DPA, the prosecution is ultimately discontinued; if it breaches the terms, the prosecutor may apply to lift the suspension and continue the criminal proceedings.

A key point is that a DPA is not available to individuals under the Act; it applies only to organisations. 

The process also sits alongside the underlying substantive offences and in this case, the DPA was the procedural vehicle for resolving the alleged criminal liability, while the underlying offence was committed under a separate piece of legislation.

What did the DPA cover?

The DPA, approved on 1 May 2026, resolved the SFO’s investigation into the Company for three counts of failure to prevent bribery under Section 7 of the Bribery Act 2010.

Under section 7 of the Bribery Act 2010, a commercial organisation commits an offence if a person associated with it bribes another person intending to obtain or retain business, or a business advantage, for that organisation. 

In practice, the prosecution does not need to show that the company authorised or knew about the bribery at board level; the focus is on the act of the associated person and the connection to the organisation’s business. 

The statutory defence is for the organisation to prove that, at the relevant time, it had adequate procedures in place designed to prevent associated persons from engaging in bribery. 

For businesses, that makes section 7 less about wrongdoing in the abstract and more about whether anti-bribery controls are genuinely effective, proportionate and embedded in day-to-day operations.

The conduct in question concerned public sector contracts pursued by the Company in Oman and Algeria through the use of agents. 

According to the SFO’s published materials, one of the contracts involved airport IT work for the Omani Ministry of Transport and Communications and was said to be worth up to £200 million. 

Two further opportunities related to projects in Algeria, including work at Houari Boumediene Airport in Algiers and a public key infrastructure project for the Algerian Ministry of Post and Telecommunications. 

The Company agreed to pay a financial penalty of just over £10 million and around £4.8 million in SFO costs, as well as comply with ongoing reporting and compliance obligations for three years.

The DPA also matters because of its procedural context. 

The investigation began after a self-report in 2018, later widened to other jurisdictions, and the eventual resolution followed a period of change in ownership, leadership and compliance arrangements. 

The judgment and related materials suggest that the SFO was prepared to take account of subsequent remediation and cooperation, even in a case with a long and complex history. 

That is important because it reinforces a familiar but sometimes difficult message: early engagement remains important, but the quality, consistency and credibility of cooperation over time may prove equally significant when prosecutors and the court assess whether a DPA is in the interests of justice.

Why does this matter?

From an enforcement perspective, the case is significant because it shows that the SFO remains willing to use the DPA regime in bribery cases and continues to see corporate resolutions as a live tool. 

That may sound obvious, but after a quieter period for DPAs, the agreement is likely to be read as an indication that corporate enforcement remains firmly on the agenda. 

The fact that the conduct involved overseas public sector contracts, intermediaries and high-risk markets will also be familiar to compliance teams. 

In practice, those are the areas where enforcement agencies continue to expect robust due diligence, effective escalation routes and meaningful oversight from legal, compliance and business leadership.

The case is also a reminder of the breadth of the Section 7 offence. 

A company does not need to have authorised bribery at board level to face serious consequences. 

If a person associated with it bribes another person intending to obtain or retain business or an advantage for the company, the central question becomes whether the organisation had adequate procedures designed to prevent that conduct. 

That makes this a governance issue as much as a legal one. 

Boards and senior management should see anti-bribery compliance not as a paper exercise, but as part of the broader framework for managing operational and reputational risk.

What are the practical lessons for businesses?

Firstly, businesses should revisit how they assess and manage bribery risk in relation to third parties. Agents, consultants, introducers and consortium partners can present acute risk, particularly where they are engaged in connection with public procurement or business in jurisdictions perceived to carry elevated corruption exposure. 

Due diligence should not be a one-off onboarding exercise. It should be refreshed, documented and matched to the realities of the relationship, including commission structures, payment routes, political exposure, local ownership arrangements and the commercial rationale for the appointment.

Secondly, compliance programmes need to be capable of demonstrating effectiveness in practice. Training, policies and contractual protections all matter, but they are unlikely to be enough if there is weak monitoring, poor record-keeping, limited challenge from control functions or a culture that tolerates red flags being explained away. 

Businesses should consider whether internal reporting channels work, whether concerns are escalated quickly enough, whether high-risk deals receive senior scrutiny, and whether lessons from past issues are actually implemented across the group rather than confined to one business unit or region.

Thirdly, the case underlines the importance of thinking strategically once potential misconduct is identified. Issues around internal investigation, self-reporting, employee interviews, legal professional privilege, regulator engagement and remediation all need careful handling at an early stage. 

There is no single formula, and every situation will turn on its facts. However, organisations are likely to be in a stronger position if they can show that they moved quickly to understand the issue, preserve evidence, address immediate risk and make credible improvements rather than waiting for external scrutiny to force change.

What happens next?

For the Company, the immediate effect is that prosecution has been suspended subject to compliance with the terms of the agreement, including annual reporting on its anti-bribery programme over the three-year term. 

More broadly, the DPA is likely to be studied as an indicator of how the SFO expects companies to behave when misconduct comes to light. The message is not simply that bribery enforcement continues. It is that prosecutors and courts will look closely at the overall corporate response: the speed of reporting, the quality of cooperation, the seriousness of remediation and whether the business can demonstrate genuine cultural and control improvements.

For in-house legal and compliance teams, the practical takeaway is straightforward. This is a useful moment to review anti-bribery risk assessments, test third-party controls, revisit procedures for escalating concerns and ensure that governance arrangements are capable of standing up to prosecutorial scrutiny. 

The Ultra Electronics agreement does not change the legal test under section 7, but it does provide a current and concrete example of the risks facing businesses with international operations and the steps enforcement agencies will expect to see if things go wrong.