Global Investigations Bulletin

The SFO has entered its first Deferred Prosecution Agreement since 2021 with a UK defence and aerospace company, resolving allegations of failure to prevent bribery involving overseas agents in Algeria and Oman. The resolution followed a 2018 self-report and includes a £10 million financial penalty, £4.8 million in costs, and ongoing obligations to report on and strengthen its anti-bribery and corruption policies and procedures over a three-year period. The case underscores several key enforcement themes, including: the continued importance of robust third-party risk management; and the decisive role of sustained cooperation and remediation, particularly following ownership change and governance overhaul. It also highlights increasing expectations around group-level accountability, with parent company undertakings playing a role in securing the DPA and ensuring effective compliance oversight across corporate structures. The SFO has decided not to charge any individuals in connection with the investigation.

The agency has continued to demonstrate activity across the range of its enforcement powers, opening a new fraud investigation, in April, into three UK companies in relation to the Energy Company Obligation 4 (ECO4) scheme, which aims to reduce fuel poverty and carbon emissions. The SFO carried out dawn raids at six UK premises, arrested four individuals, and issued a public appeal for information. On 22 June the SFO opened another new investigation into Internet Mobile Communications Limited (IMC), a collapsed UK telecoms technology company, which operated an international platform processing large volumes of voice and SMS transactions before its collapse in 2024. The investigation into IMC concerns suspected fraud, false accounting and money laundering. The SFO said it is working in parallel with the New York District Attorney’s Office, which has also opened its own investigation into the matter. These investigations continue a trend seen at the SFO in recent years, with enforcement activity increasingly focused on smaller, UK-centric fraud matters rather than the large-scale international corruption investigations involving major listed multinationals that characterised the agency’s caseload five to ten years ago.

The SFO has also continued to pursue enforcement in existing matters, taking a firm stance on breaches of restraint orders and the recovery of criminal proceeds. Former London Capital & Finance CEO Michael Thomson was sentenced to six months’ imprisonment, and his wife received a suspended sentence, after admitting breaches of an SFO restraint order during the course of the investigation into the collapsed investment scheme. In parallel, the SFO secured a further £491,967.97 in confiscation proceedings against Alan Gardner, who was convicted in 2009 for operating a fraudulent investment scheme targeting British expatriates in Jakarta, after uncovering additional assets acquired since his original 2009 confiscation order.

In a positive result for the SFO, the High Court upheld its search warrants in the ongoing Blu-3/Mace Group-related bribery investigation concerning the construction of a Microsoft data centre in the Netherlands. The Court confirmed the SFO was entitled to rely on HMRC material obtained during a separate civil tax investigation and found there were sufficient grounds for the warrants.

The SFO has been successful in resisting an application by three former London Mining executives seeking to recover their legal costs after the agency discontinued its bribery prosecution against them shortly before trial. The case was dropped following the discovery that significant volumes of investigation material had not been properly uploaded to the SFO’s document management system. As part of the costs application, the executives alleged that the SFO had engaged in improper evidence-gathering practices in Sierra Leone, including the use of intermediaries who allegedly misrepresented the purpose of document requests and obtained potentially privileged material. The application was brought under section 19 of the Prosecution of Offences Act 1985, which allows costs orders where a prosecutor has acted improperly or unnecessarily. However, the threshold is a high one and requires a clear departure from proper prosecutorial standards. The judge concluded that this test had not been met and declined to award costs against the SFO.

At a strategic level, interim Director Graham McNulty, speaking in New York on 3 June, signalled a more assertive, intelligence-led enforcement approach and warned that firms which fail to self-report or cooperate face heightened enforcement risk. He emphasised that the SFO’s revised corporate cooperation guidance provides a clear incentive for prompt self-reporting and full cooperation, with such conduct generally leading to an invitation to negotiate a Deferred Prosecution Agreement, but that this sits alongside a significant expansion in proactive intelligence gathering, use of surveillance powers, whistleblower reporting and enhanced investigative technology. He underlined that, taken together, these developments increase the likelihood that misconduct will be identified and pursued even where it is not self-reported. He also highlighted the SFO’s international cooperation, including close collaboration with the US Department of Justice and its anti-corruption taskforce with French and Swiss counterparts. While the speech signals an ambitious enforcement agenda, many of the themes highlighted have featured prominently in the SFO’s strategic messaging for a number of years. The key question will be the extent to which these priorities translate into tangible changes in investigative activity and enforcement outcomes over the coming months and years.

Finally, a review by HM Crown Prosecution Service Inspectorate examined the SFO’s use of external counsel at the pre-charge stage, finding it to be broadly effective, with counsel appropriately supporting complex investigations while key decision-making remained with the agency. However, the review identified areas for improvement, including clearer guidance on instructions, strengthened approval processes, better documentation, and improved tracking and oversight of instructed lawyers to ensure value for money and diversity of instruction. The SFO has accepted all six recommendations.

The FCA has closed its investigation into Drax Group PLC, confirming that, following an extensive investigation involving the review of thousands of pages of complex material, it had not found evidence to justify any further action. The investigation, announced in August 2025, concerned historical disclosures relating to the sustainability of Drax’s Canadian biomass. The FCA explained that where the evidence does not support action, it closes cases “as swiftly as possible”.

The FCA has censured Sapia Partners LLP for breaches of Principle 10 and the Client Assets Sourcebook (CASS) rules in connection with its oversight of client money arrangements linked to failed wealth management firm WealthTek. The regulator found that, between 2014 and 2020, Sapia failed to maintain adequate organisational arrangements and controls, resulting in material weaknesses in client money segregation, record-keeping and governance. In practice, WealthTek staff were able to access and transfer client money with insufficient oversight or segregation of duties, exposing approximately £150 million of client funds to risk. Despite these failings, the FCA did not impose a financial penalty, instead accepting a voluntary payment of over £19.6 million agreed by Sapia with support from its parent company, alongside full cooperation with the investigation. The FCA cited the firm’s “exemplary cooperation” and acceptance of its failings as key factors in its decision. The case highlights the regulator’s increasing willingness to calibrate enforcement outcomes based on cooperation and remediation, while reinforcing the importance of robust CASS compliance, clear policies, and effective segregation of responsibilities in client money arrangements.

The FCA has fined Carlos Fuenmayor, CEO of BancTrust, £99,600 for negligently failing to disclose matters relevant to his fitness and propriety, including a US regulatory investigation and sanction, and the freezing of his and his companies' bank accounts by Venezuelan authorities. The FCA found that these omissions breached Senior Manager Conduct Rule 4, which requires individuals to disclose appropriately any information the FCA could reasonably expect notice of. Mr Fuenmayor has referred the Decision Notice to the Upper Tribunal, meaning the FCA's findings remain provisional. The case highlights the FCA's expectation that senior managers take a broad and proactive approach to regulatory disclosures, particularly in relation to overseas investigations and sanctions. It also demonstrates the FCA's willingness to pursue personal enforcement action for negligent disclosure failures, even where it does not conclude that an individual lacks fitness and propriety.

The FCA has banned and fined financial adviser Frank Breuer £755,000 for what it described as serious misconduct in connection with defined benefit pension transfer advice provided through his firm, Bluesky Wealth Management. The FCA found that Breuer continued to advise on pension transfers despite knowing the firm lacked the required professional indemnity insurance and repeatedly misled the regulator about its insurance position. The FCA also concluded that Breuer breached restrictions imposed on the firm by diverting assets through dividends, loans and connected accounts, while customer complaints relating to unsuitable advice were subsequently upheld by the Financial Ombudsman Service. Following Bluesky's insolvency in 2023, customer liabilities of at least £214,000 were left to be met by the Financial Services Compensation Scheme. The case demonstrates the FCA's continued willingness to pursue significant sanctions against individuals for misconduct involving customer harm, regulatory dishonesty and failures to comply with supervisory restrictions.

The FCA has provided further guidance on its proposed motor finance compensation scheme, following its March 2026 Policy Statement (PS26/3). The scheme is now subject to legal challenges in the Upper Tribunal, raising questions about its implementation timetable and final structure. Parliamentary scrutiny of the scheme has also intensified, with the Treasury Committee seeking clarification on the impact of the legal challenges and the FCA reaffirming its commitment to ensuring that consumers receive appropriate compensation.

The regulator has also highlighted concerns about poor conduct by certain claims representatives and has announced a new investigation into claims management company Consultation Claims Limited (CCL) in connection with its conduct relating to the motor finance scheme. This is the sixth investigation to be publicly announced by the FCA since the introduction of its revised transparency policy in the June 2025 Enforcement Guide. The investigation follows the FCA's earlier decision to publicly announce an investigation into The Claims Protection Agency Ltd (TCPA), which similarly concerns that firm's approach to pursuing motor finance claims.

The FCA has commenced civil proceedings against Neil Woodford and his latest venture, W4.0, and is seeking an injunction to prevent the company from carrying on what it describes as potentially unlawful activities. The regulator alleges that W4.0's subscription-based platform has been providing regulated investment advice and issuing financial promotions without the necessary authorisation. In response, W4.0 stated that it had been engaged in discussions with the FCA for the past nine months and had made changes to its service to address the regulator's concerns. The company disputes the FCA's characterisation of its activities and has indicated that it intends to continue operating and developing the platform while the proceedings are ongoing. The action follows the FCA's enforcement action against Woodford and Woodford Investment Management in 2025, when the regulator imposed fines of £5.9 million and £40 million respectively for failings relating to the suspension and closure of the Woodford Equity Income Fund, concluding that inappropriate investment decisions had led to an increasing concentration of illiquid assets within the fund.

On 17 June, the Financial Reporting Council (FRC) published reforms to its Audit Enforcement Procedure (AEP), introducing a modernised and more graduated enforcement framework. Moving beyond the previous binary model of formal investigations or private constructive engagement, the updated AEP introduces three new routes to resolution:

• Published Constructive Engagement, which combines remediation with public transparency to promote market-wide learning;
• an Accelerated Procedure, enabling faster resolution where sufficient evidence is already available; and
• an Early Admissions Process, which incentivises firms to cooperate with the FRC at an earlier stage in admitting breaches.

The changes are intended to enable the FRC to respond more quickly and proportionately to regulatory concerns.

The FRC has also continued to pursue high-profile misconduct cases. On 12 May, it imposed penalties on former finance directors of Carillion plc following findings that they acted recklessly and lacked integrity in preparing accounting information prior to the company's collapse in 2018. Former finance directors Richard Adam and Zafar Khan were fined £550,000 and £225,000 respectively, subject to reductions reflecting penalties previously imposed by the FCA and were excluded from the Institute of Chartered Accountants in England and Wales for 15 and 10 years. Three other senior accountants were also sanctioned. Although no findings of dishonesty were made, all admitted acting recklessly and failing to uphold expected professional standards.

On 28 May, the FRC also concluded enforcement proceedings against BDO in relation to its 2019 audit of NMCN PLC, which entered administration in 2021. The regulator identified serious audit failings, particularly in the assessment of long-term contracts, and found that the audit team failed to exercise sufficient professional scepticism, challenge management assumptions and adequately assess going concern risks. Under a settlement agreement, BDO admitted breaches of audit standards and was fined £2 million, reduced to £1.33 million for cooperation and early admissions. The audit engagement partner was fined £75,000, reduced to £49,875, and both received reprimands.

On 23 June the FRC announced it had also imposed sanctions on King & King and audit partner Milankumar Patel for failings in the audits of four GFG Alliance companies between 2019 and 2020. The FRC found that the firm’s significant financial dependence on GFG Alliance entities created threats to auditor independence and objectivity, leading to breaches of ethical and auditing standards. The sanctions include financial penalties, reprimands, restrictions on the firm’s future audit work, and a prohibition on Mr Patel undertaking statutory audit work for three years. The case highlights the FRC’s continued focus on auditor independence, conflicts of interest and audit quality, particularly where firms have significant commercial reliance on a single client group.

Recent developments from the Office of Financial Sanctions Implementation (OFSI) highlight its increasingly assertive enforcement approach.

In April, OFSI published its strategy for 2026–2029, setting out a more proactive, technology-driven vision for sanctions regulation. Built around four pillars - Promote, Enable, Respond and Change (PERC) - the strategy focuses on clearer guidance, stronger engagement with industry, more efficient licensing processes and enhanced enforcement capabilities. Key initiatives include the deployment of AI across licensing, intelligence and enforcement functions, closer collaboration with domestic and international partners, and the introduction of performance targets for regulatory decision-making.

The strategy reflects the expansion of OFSI's remit in recent years, particularly following the introduction of extensive Russia-related sanctions. Since 2021, OFSI has handled more than 1,400 enforcement cases and issued penalties exceeding £22 million. For businesses, the message is clear: sanctions compliance remains a regulatory priority, with firms expected to maintain robust controls, engage proactively with OFSI and self-report potential breaches where appropriate.

Recent enforcement actions demonstrate this approach in practice. In May 2026, OFSI fined the London branch of Deutsche Bank £165,000 for processing payments linked to Okko, which was owned by a sanctioned entity. The bank received a reduced penalty after voluntarily disclosing the breach. Apple’s European subsidiary was also fined by OFSI in March for payments to Okko. 

OFSI's most significant recent action came in June 2026, when it imposed a £1 million penalty on Sabre Global Technologies for continuing to provide services to JSC Ural Airlines after the airline became subject to UK sanctions. OFSI concluded that Sabre had made funds and economic resources available to a designated person and had also engaged in conduct amounting to sanctions circumvention by exploring alternative payment routes to receive funds from the sanctioned entity. The penalty is one of the largest imposed by OFSI in recent years and reflects its classification of the case as "most serious". Key factors included Sabre's efforts to identify alternative payment mechanisms, the substantial value of the transactions, the fact that the conduct continued over several months, and the absence of any application for a sanctions licence.

In a significant decision for the UK sanctions regime, the High Court upheld the lawfulness of sanctions imposed on Sarvar Ismailov, who was designated on the basis that he is the nephew of sanctioned businessman Alisher Usmanov. In Ismailov v Secretary of State for Foreign, Commonwealth and Development Affairs, the Court rejected all seven grounds of challenge to Mr Ismailov's designation.

The Claimant argued that the family designation criterion in the Russia (Sanctions) (EU Exit) Regulations 2019 breached the principle of legality, was disproportionate and ultra vires. He further contended that his designation was unlawful because it was not made personally by the Secretary of State, was disproportionate, irrational, arbitrary and in breach of the Public Sector Equality Duty. The Court dismissed the claim in its entirety, holding that both the family designation provisions and their application to the Claimant were lawful, proportionate and rational.

The judgment confirms that the UK sanctions framework can lawfully provide for the designation of family members of sanctioned individuals, even where those individuals have no personal involvement in the conduct giving rise to the sanctions. It also reinforces the highly deferential approach the courts continue to adopt in sanctions cases, building on earlier decisions in Shvidler and Khan and underlining the significant challenges faced by those seeking to overturn sanctions designations.

The courts have also recently provided important guidance on the interpretation of sanctions-related contractual protections. In Tonzip v 2 Rivers, the Court of Appeal considered a sanctions clause that entitled a vessel owner to refuse instructions where, in its reasonable judgment, compliance would either breach sanctions or expose it to sanctions risk.

The dispute arose after a charterer instructed the vessel owner to load cargo from a Russian oil company linked to a sanctioned individual. Although ownership of the company had purportedly been transferred following the sanctions designation, the vessel owner remained concerned about the possibility of ongoing control and refused to proceed. When the charterer subsequently cancelled the contract, litigation followed.

The Court of Appeal held that a contractual reference to being "exposed" to sanctions establishes a lower threshold than proving that conduct is actually prohibited by sanctions law. It was sufficient for the vessel owner to form an objectively reasonable view that compliance created a real risk of sanctions exposure, even if an actual sanctions breach could not be established. In reaching that conclusion, the Court recognised the practical realities facing commercial parties, who are often required to make decisions quickly and on the basis of incomplete information. The decision confirms that sanctions clauses framed by reference to sanctions "exposure" can provide protection where there is a reasonable and credible risk of sanctions concerns, without requiring certainty that sanctions have in fact been breached.

The ICO has secured total confiscation orders of £118,852.32 against two former RAC employees, following Proceeds of Crime Act proceedings linked to their earlier convictions for conspiracy under the Computer Misuse Act 1990 and the Data Protection Act 2018 for unlawfully accessing and selling around 30,000 lines of personal data. One defendant was ordered to pay £85,727.32 plus costs, with a default sentence of 18 months’ imprisonment for non-payment, while the second paid £33,125 in full following an earlier order. The case follows suspended prison sentences and community orders imposed in 2024 and reflects the regulator’s continued use of POCA to strip offenders of criminal gains, underlining that enforcement does not always end at conviction but can extend to recovering financial benefit from wrongdoing.

The UK Insolvency Service has proposed a significant overhaul of the corporate civil enforcement regime, with reforms that would substantially expand its role beyond insolvency to cover misconduct by directors of live, insolvent and dissolved companies. The proposals include a new director restrictions regime for negligent or incompetent directors, the transfer of director disqualification decisions from the courts to the Insolvency Service, broader investigative and information-gathering powers, reforms designed to make asset recovery claims easier to pursue, and procedural changes intended to streamline enforcement proceedings and extend limitation periods. While many of the information-gathering and procedural reforms are relatively uncontroversial, the proposals would materially strengthen the Insolvency Service’s enforcement toolkit and reflect a broader trend towards more interventionist corporate enforcement. The most significant and potentially contentious changes are the proposed administrative director restrictions regime and the removal of courts from the initial disqualification decision-making process.

Lex Greensill, founder of the collapsed supply-chain finance firm Greensill Capital, has agreed to a nine-year director disqualification undertaking with the UK Insolvency Service, bringing to an end court proceedings that were due to proceed to trial. The Insolvency Service concluded that Greensill had breached his duties as a director by failing to exercise reasonable care, skill and diligence. The disqualification represents a significant regulatory outcome arising from the collapse of Greensill Capital in 2021, which triggered losses for investors and widespread political and financial scrutiny. While the undertaking resolves one of the principal enforcement actions connected to the firm's failure, Greensill remains subject to separate civil proceedings brought by the company's administrators alleging breaches of fiduciary duty.