The SFO Deferred Prosecution Agreement: lessons from the Ultra Electronics bribery case

What happened in the Ultra Electronics SFO case?

On 1 May 2026, the High Court approved the Deferred Prosecution Agreement (DPA) between the Serious Fraud Office (SFO) and Ultra Electronics Holdings Ltd (formerly Plc) (UEH), for the first time since 2021. The DPA relates to three counts of failing to prevent bribery under section 7 of the Bribery Act 2010. The conduct in question spanned many years, three projects and two jurisdictions:

• Oman: MC6 Airport IT project at Muscat and Salalah.
• Algeria: Airport IT and e‑commerce project at Houari Boumediene Airport, Algiers.
• Algeria: Public Key Infrastructure (PKI) project for the Ministry of Post and Information and Communication Technologies (MPICT).

 

What is a Deferred Prosecution Agreement?

This is not a conviction but an agreement between a prosecutor and a company to suspend and “defer” a prosecution for an agreed period. In return, the company agrees to a package of terms – typically including a financial penalty, disgorgement of profits (if any), payment of costs and ongoing compliance and cooperation undertakings.

If the company complies with the terms for the agreed period, the prosecution is discontinued at the end of the DPA term. This is typically three to five years. The court’s approval of the terms of the DPA is required.

In this case, corporate culpability is accepted by Ultra based on an agreed Statement of Facts.

There are many lessons to be learned from this rollercoaster of a DPA. The agreement was eight years in the making and included a self-report in 2018, a Canadian DPA for unrelated conduct in the Philippines, late disclosure leading to failed DPA negotiations in 2022, a change in ownership, management and both internal and external lawyers, and zero profits – before the agreement was successfully concluded in 2026.

Nature of the conduct and lack of profit

The Statement of Facts sets out a series of promised or paid bribes by associated persons – through local agents or joint‑venture arrangements – seeking to secure large state‑linked infrastructure projects in Oman and Algeria.

The schemes themselves resulted in zero realised profit, and in respect of the Oman MC6 contract – a substantial loss:

• The Omani MC6 contract was ultimately terminated and proved significantly loss‑making for UEH;
• The Algerian Airport and PKI bids were unsuccessful, and Ultra did not win the underlying contracts notwithstanding the alleged use of high‑commission agents and access to confidential tender information.

 

Key takeaway:

Joint ventures and third-party intermediaries remain high risk areas for bribery.

Liability under section 7 Bribery Act 2010 does not depend on the bribe being successful, or the awarded project being profitable.

A failure to prevent attempted bribery can still give rise to corporate offences, even where the project fails commercially or is loss‑making.

Business and ownership context

At the time of the conduct, UEH sat at the head of a UK‑listed defence and aerospace electronics group, employing around 4,150–4,850 staff worldwide, with annual revenues of approximately £650m–£780m. The group operated through several divisions and semi‑autonomous business units, including Ultra Electronics Airport Systems (UEAS), which delivered airport and airline software solutions and led the projects in issue.

In August 2022, UEH was acquired by Cobham Ultra Acquisitions Ltd, an Advent‑managed investment structure, and subsequently delisted from the London Stock Exchange. The Statement of Facts makes clear that Advent, Cobham Ultra and related entities were not involved in, and had limited visibility over, the historic misconduct, which pre‑dated the acquisition.

Post acquisition, new ownership took charge of the investigation, replaced the existing internal compliance and external legal teams and sought to re-engage with the SFO.

Key takeaway:

Complex, decentralised divisional and business‑unit structures can obscure bribery risk if group‑level controls, information flows and oversight are weak.

Acquirers can inherit historic section 7 exposure even where the underlying projects have long since failed or been exited, underscoring the importance of robust, forensic anti‑bribery due diligence – including on loss‑making and unsuccessful bids – in M&A transactions.

Where this is not possible pre-acquisition, action should be taken swiftly to review high risk areas and consider remediation and compliance improvements. If appropriate, this should include engagement and reporting to relevant enforcement agencies.

Investigation and procedural posture

In 2017, consultant Edwin “Ted” Roberts threatened legal proceedings over unpaid fees for the PKI Project and referred to “dubious” payments. Media reports in Algeria in early 2018 alleged corruption involving Ultra and Algerian officials.

On 23 March 2018, UEH made a self‑report to the SFO, providing key documents. Later that year the SFO formally opened a criminal investigation into suspected corruption involving Ultra’s Algerian business and associated persons. Searches were carried out and a senior executive was arrested and interviewed.

DPA discussions:

In February 2021, the SFO invited UEH to negotiate a DPA focused on the disclosed Algerian conduct. However, in July 2022, late in the process, UEH disclosed additional information about historic conduct in Oman which it said had previously been the subject of an internal investigation that had (wrongly, in the SFO’s view) found no evidence of bribery. The SFO disagreed with this assessment and withdrew from the DPA negotiations on 11 November 2022. It expanded the criminal investigation to Oman in December 2022 and, subsequently, to additional jurisdictions and historic business.

Acquisition and change in approach:

Following the acquisition of the Ultra Group by Advent‑controlled entities in August 2022, a new board and senior management were installed, and a new internal legal and compliance function was created.

The company appointed new advisors and, since late 2022, adopted what the SFO described as “exemplary” cooperation, including: facilitating interviews, extensive document production (including overseas data), detailed narrative reports and limited privilege waivers over historic internal investigations and contemporaneous legal advice.

Key takeaways:

When entering a self-reporting process, companies should expect from the outset to be full and frank, reporting all suspected misconduct. Cherry-picking what to disclose can result in a break down of the delicate relationship built on trust and confidence which is needed between a self-reporter and the authority to achieve a successful non-prosecution outcome.

But – relationships can be repaired, provided the company is prepared to clean house and institute remediation and compliance from the top down. It is important to seek advice from experienced counsel who understand the process and workings of the SFO.

Can a company avoid prosecution by self-reporting to the SFO?

Self-reporting significantly improves a company’s prospects of achieving a Deferred Prosecution Agreement or another non-prosecution outcome, but it does not guarantee one.

The Serious Fraud Office will assess the timing of the disclosure, the completeness and accuracy of the information provided, the quality of ongoing cooperation, and whether the business has undertaken meaningful remediation.

Identified compliance failures

UEH accepted that, at the time of the conduct covered by the DPA, it did not have adequate procedures in place to prevent bribery by associated persons. In practical terms, the case shows how the following weaknesses can create criminal exposure under section 7 Bribery Act 2010:

1. Lack of structured ABC risk assessment: no formal process to assess bribery and corruption risks by business line, jurisdiction or transaction type (e.g. agents, intermediaries, JVs, consortiums).
2. Joint venture oversight: inadequate and high‑level policies on joint ventures (Guidelines and Terms of Reference) which failed to ensure effective oversight, especially where Ultra was not the majority owner.
3. Bid governance failings: requirement for approved bid approval forms was not consistently followed. Missing or incomplete paperwork and associated oversight.
4. Agent selection and monitoring: the Ultra‑wide Selection and Management of Agents Policy was only introduced in 2012, was generic and inadequate, and record‑keeping under it was poor. Errors accompanying the transposition of the Transparency International Corruption Perceptions Index into the policy led to some high‑risk countries (including Algeria) being mistakenly classified as low‑risk, with reduced due diligence applied to agents in those jurisdictions. Policies were vulnerable to circumvention, including examples of payments being made to personal bank accounts rather than to corporate accounts (e.g. Oman “third man” payment to an individual’s personal account).
5. Training: anti‑bribery and corruption training was provided, but attendance records were incomplete and inconsistent. There was limited oversight of Ultra employees acting in joint ventures, including those in senior roles.

 

Key compliance takeaways:

• The Board and Senior Management must commission a specific anti-bribery risk assessment. This should be a living analysis of risk and mitigation steps needed within the business to combat corruption.
• The Board should be aware of and manage the risks surrounding the use of agents, intermediaries, JVs and consortium structures particularly in high‑risk jurisdictions.
• Senior management must be willing to question and block high‑risk arrangements (e.g. large “consultancy” payments in high‑risk markets).

 

Formal ABC due diligence on JV partners and local sponsors is essential, with clear rights to audit, access information and veto agents or sub‑agents. There should also be robust contracting, monitoring and renewal/termination processes for all intermediaries.

• Payment controls should be in place and money routed to individuals’ personal bank accounts (rather than corporate accounts in the contracting entity’s name) should be prohibited.
• Formal bid approval processes must be rigorously followed for all significant opportunities, particularly where intermediaries or JVs are involved.
• Simply referencing tools such as the Transparency International Corruption Perceptions Index is not enough; methodologies must be understood and kept up‑to‑date to avoid mis‑classifying high‑risk jurisdictions as “low” risk.
• Seemingly modest items (such as an iPhone) may still be treated as improper advantages if linked to confidential tender information or out‑of‑process favours.

 

Our perspective

The Ultra Electronics resolution demonstrates that the DPA process is alive and kicking.   However, despite the SFO’s Cooperation Guidance setting out that companies which self-report will be given a DPA in all but exceptional circumstances – it is clear that self-reporting alone is not enough to secure a favourable resolution.

Companies must be aware that the process of self-reporting and cooperation will be scrutinised. To be successful in this process, the SFO has to be satisfied that the board and senior management have been genuinely transparent, that the internal investigation has been properly conducted (in consultation with the SFO), and that meaningful remediation and compliance improvements have been implemented.

The further case shows that even though the relationship with a prosecutor can break down during the self-reporting process, damaging trust and confidence, it is possible to repair it through new leadership, transparency and sustained cooperation (typically accompanied by a new set of independent advisors). It is key to show a genuine change in approach. This is set out in the Judgement by Mr Justice Hilliard:

In this case, I attach particular weight to the fact that the organisation at the time of the DPA is effectively a different entity from the one that committed the offences, and is operating in a completely different way and with different personnel.  What happened in the past does not taint the modern company.

For multinational businesses operating in high-risk sectors and jurisdictions, the case reinforces the importance of early legal advice from experienced advisors. To pass muster, the process must be demonstrably independent, robust and include a clear and well implemented strategy for engaging and cooperating with regulators.

Ultra Electronics’ DPA – Frequently Asked Questions

1.    What is the Ultra case about in simple terms?

The case concerns Ultra Electronics Holdings Ltd’s admitted failure to prevent bribery by people associated with the group (employees, joint‑venture partners and agents) on three large, state‑linked projects in Oman and Algeria between 2009 and 2017.

The SFO alleges that consultants and agents were used to channel or facilitate corrupt payments – or intended payments – to officials in order to win, or try to win, major airport and IT infrastructure contracts. The company accepts corporate liability under section 7 of the Bribery Act 2010; no individual has admitted wrongdoing, and the court has made no findings against any individual.

2.     How did the SFO investigation start?

In 2017, a consultant involved in the Algerian PKI project threatened to sue Ultra over unpaid fees and referred to “dubious” payments. Algerian media also reported alleged corruption involving Ultra and local officials.

In March 2018, Ultra made a self‑report to the SFO. The SFO opened a formal criminal investigation in April 2018 into suspected corruption on the Algerian projects, executed searches as well as arrested and interviewed a senior executive.

3.    What is a self-report?

A “self-report” is a report of actual or suspected corporate misconduct to an enforcement authority. Typically, self-reports are made to the Serious Fraud Office (SFO) of suspected corruption and fraud.

Companies which have chosen to self-report, do so in the hope of achieving a non-prosecution outcome, such as a DPA. This allows the company to resolve historical misconduct and move on with confidence that they have addressed the identified issues. A self-report allows the company to retain more control over the investigation and any reputational issues arising from it and, in appropriate cases, to reach a DPA with a lower financial penalty than the one expected after a corporate prosecution.

The SFO’s Cooperation Guidance sets out that companies which self-report will be given a DPA in all but “exceptional circumstances”.

4.     Are any individuals related to Ultra being prosecuted?

No findings of any kind have been made against individuals in the DPA judgment. The Statement of Facts explicitly states that:

• There was no process in the DPA approval hearing for determining individual culpability.
• No individual mentioned has admitted misconduct; some have actively denied involvement.
• The court considered aspects of individual conduct only insofar as they were relevant to assessing the company’s liability and the public interest in approving the DPA.

Separate decisions about charging individuals, if any, would be taken under the usual Full Code Test and are not addressed by the Statement of Facts.

5.    Can directors or employees still be prosecuted if a company enters a DPA?

Yes. A Deferred Prosecution Agreement applies only to the corporate entity and does not prevent prosecutors from investigating or prosecuting directors, officers, employees, agents or other associated persons, where the evidence supports individual criminal liability.

For boards and senior executives, it means that a corporate resolution may not necessarily eliminate individual legal or reputational risk.

6.    How long does an SFO investigation usually take?

There is no fixed timeframe for a Serious Fraud Office investigation. Complex corporate bribery, fraud and corruption investigations often take several years, particularly where overseas evidence, multiple jurisdictions or historic conduct are involved.

Self-reporting is typically much quicker and less disruptive than dealing with a purely external criminal investigation. However, as the Ultra Electronics case shows, if the relationship with the SFO breaks down, the timeline can become protracted.

7.     What does “failure to prevent bribery” mean in practice?

Section 7 of the Bribery Act 2010 creates a strict‑liability offence for commercial organisations. A company commits the offence if:

• a person associated with it (employee, agent, subsidiary, JV partner, etc.) bribes another person intending to obtain or retain business or an advantage for the company; and
• the company cannot show that it had “adequate procedures” designed to prevent such bribery.

 

The Ultra case underscores that:

• bribery does not need to succeed – attempts and intended payments are enough;
• projects can fail commercially or be loss‑making yet still attract full section 7 exposure;
• the key question is whether, given the inherent risks (sector, jurisdiction, use of agents/JVs, state counterparties), the company’s procedures were robust, risk‑based and actually operated in practice.

8.     What are the main compliance failures highlighted by the SFO?

The Statement of Facts focuses on the absence of “adequate procedures”, including:

• No formal, group‑wide bribery and corruption risk assessment covering business lines, jurisdictions and specific risk channels (agents, intermediaries, JVs, consortiums).
• Thin and inconsistent joint‑venture policies with weak group‑level oversight of JVs used to pursue high‑risk, state‑linked projects.
• Bid governance that was not followed in practice – missing or retrospective bid approvals and inaccurate statements about the use of agents.
• A generic, easily circumvented Agent policy, poor record‑keeping and a technical error in how Transparency International Index scores were used, wrongly classifying some high‑risk jurisdictions (including Algeria) as low‑risk.
• Limited, poorly documented ABC training and weak oversight of employees acting in joint‑venture and overseas roles.

9.     What practical lessons should other businesses take from the Ultra case?

Key takeaways for boards, compliance and legal teams include:

• Treat high‑risk bids (large, state‑linked, overseas, agent‑heavy) as requiring enhanced governance, not business‑as‑usual processes.
• Ensure ABC risk assessments are formal, documented, refreshed and translated into concrete controls and decision‑rights.
• Apply robust due diligence, contracting and monitoring to all intermediaries, including sub‑agents and “fixers”; prohibit payments to personal accounts.
• Impose strong oversight over JVs and consortiums – including approval of partners, visibility over their agents and intermediaries, and rights to intervene or walk away.
• Give compliance functions real authority and access to the board; invest in targeted, scenario‑based training for business development and bid teams.
• In M&A, perform forensic ABC due diligence on historic projects (including failed and loss‑making ones) and plan for post‑acquisition investigations and remediation.

 

10.   When should a company seek legal advice in an SFO investigation?

Companies should seek legal advice as early as possible, where there are allegations of bribery, corruption, fraud, accounting irregularities, whistleblower complaints, suspicious payments or concerns involving overseas agents, intermediaries or joint ventures.

Early advice is critical to ensure independence and defensibility of corporate actions.  Thought must be given to preserving evidence, conducting an independent privileged investigation, considering self-reporting obligations and managing engagement with prosecutors and other regulators.

When the relationship between the company and the SFO broke down, Ultra Electronics has shown that it can be repaired through the involvement of new management and independent advisors. The board should seek a second opinion if there is any concern about how the case is progressing.

11.   Which lawyers can help with a DPA?

The Gherson team has significant experience assisting companies with internal and regulator-facing investigations. Prior to joining Gherson, Caroline Black had a leading role representing Airbus SE in its multi-year investigation and subsequent simultaneous deferred prosecution agreements with the UK SFO, the French Parquet National Financier, the US Department of Justice and the Department of State. The landmark case was resolved in four years, despite including a potential pool of over 30.5 million documents, 22 jurisdictions and countless complex issues. Caroline was at the heart of this significant achievement, working as a trusted advisor to the company, whose cooperation was described as “exemplary”.

Caroline has advised numerous companies considering making a self-report and counselled boards through the investigation and reporting process to successful outcome. Caroline has experience in reaching other non-prosecution outcomes for companies (including “no further action”, civil recovery and negotiated plea agreements) and is one of the leaders in the field of corporate crime and investigations.

Thomas Cattee worked at the SFO before joining Gherson. At the SFO, Thomas led significant aspects of the multi-jurisdictional investigations and negotiations resulting in the Airbus SE Deferred Prosecution Agreement (DPA). This has provided him with excellent understanding of how the SFO approach DPA cases and work with overseas prosecuting agencies, including the US Department of Justice and French Parquet Nationale Financier.

We can also assist by running focused workshops on the Ultra case, benchmarking your current framework against these lessons, undertaking gap analysis and helping to design and implement practical enhancements to policies, procedures and training.

How can Gherson help?

At Gherson Solicitors LLP we regularly advise organisations on designing and implementing effective financial crime prevention policies, procedures and controls.

If you need further advice on what the new offence of failure to prevent fraud means for your organisation, please do not hesitate to contact Caroline Black or Thomas Cattee at Gherson Solicitors LLP.

If you have any questions arising from this article, please do not hesitate to contact us for advice, send us an e-mail, or, alternatively, follow us on X, Facebook, Instagram, or LinkedIn to stay-up-to-date.

The information in this blog is for general information purposes only and does not purport to be comprehensive or to provide legal advice. Whilst every effort is made to ensure the information and law is current as of the date of publication it should be stressed that, due to the passage of time, this does not necessarily reflect the present legal position. Gherson accepts no responsibility for loss which may arise from accessing or reliance on information contained in this blog. For formal advice on the current law please do not hesitate to contact Gherson. Legal advice is only provided pursuant to a written agreement, identified as such, and signed by the client and by or on behalf of Gherson.

©Gherson 2026

View all news & Insights