The value of an ISO37001 certified anti-bribery management systemDrive ethical business practice, build stakeholder trust and competitive advantage
The value of an ISO37001 certified anti-bribery management system
The ISO37001 anti-bribery management system was published worldwide on 17 October 2016. It was developed by more than 37 countries from China to Mexico, all the G7 countries and in liaison with the OECD. Its implementation is being considered in Singapore, Peru and reportedly by Walmart and Microsoft amongst others.
The value of an ISO37001 certified anti-bribery management system is that it demonstrates your commitment to an anti-bribery programme. This will coherently flow out to all business activities, through leadership, management, and all your key commercial, financial and operational functions. Your organisation might have other certified standards such as ISO9001 Quality Management and ISO37001 fits neatly into these established management processes.
The costs of bribery
Bribery is a significant business and political risk in many countries and sectors. It will adversely impact an organisation in the event of an allegation or criminal prosecution. Bribes are often tolerated as a “necessary part of doing business” , or “that’s the way we do things in our country”.
ISO37001 is applicable to the public, private, third and voluntary sectors and, state owned enterprises and international organisations, regardless of size. The bribery risk facing an organisation varies according to factors such as the size of the organisation, the countries and sectors in which the organisation operated and the nature, scale and complexity of its operations.
Certification of an organisation to ISO37001 provides clear evidence to all stakeholders, financial, regulatory and government bodies, of the veracity of its anti-bribery intent, processes and controls. It demonstrates that the organisation has adopted, is practising and constantly improving its anti-bribery measures. This will not only strengthen internal compliance to mitigate bribery risk but catalyse those key cultural changes which will influence others, both internal and external to the organisation, to behave ethically. In answering the call for more transparency and better ethics in government, aid flows, business and sport, there will be an international demand to flow down anti-bribery compliance from the lead organisation to its external stakeholders, for example its supply chain.
Why a management system?
The ISO37001 standard recognises that effective anti-corruption compliance requires the adoption of a risk-based approach – described as a “reasonable and proportionate” approach. In addition to conducting risk assessments, ISO37001 requires that organisations take the following steps:
- Tone at the Top: the board/senior management must demonstrate commitment to anti-corruption compliance, including communicating the importance of effective anti-bribery management and promoting an anti-bribery culture within their organisation.
- Develop and Maintain Compliance Policies and Internal Controls: including procedures designed to prevent the offering, provision or acceptance of gifts, hospitality, donations and similar benefits where the offering, provision or acceptance is, or could reasonably be perceived as, bribery.
- Training: provide employees with appropriate anti-bribery training of which their participation is documented.
- Risk-Based Due Diligence: conduct an appropriate level of due diligence on specific transactions, projects, activities and business associates.
- Contractual and Certification Protections: requires third parties (such as sales agents) that “pose more than a low bribery risk” to certify they will commit to preventing bribery.
- Compliance Commitments from Employees: personnel must comply with the anti-bribery policy and anti-bribery management system and the organisation has the right to discipline personnel in the event of non-compliance.”
- Implement Internal Controls: organisations must implement both “financial” and “non-financial controls” (i.e. finance, procurement, operational, sales, marketing etc.)
- Reporting Channels and Whistleblower Protections: establishment of systems to allow personnel and third parties to “report in good faith” or “on the basis of a reasonable belief” an attempted, suspected/actual bribery, or any violation of the anti-bribery management system.
- Documentation: to document their ISO37001 activities (a business management system) appropriate for the size and complexity of the organisation and the nature of its activities.
- Improvement of Anti-Corruption Controls through Constant Assessment: audit, assess and review their anti-bribery compliance systems on an ongoing basis.
Commercial organisations in particular, have a significant role to play in reducing both private bribery and the bribing of foreign public officials. Business is often the primary source of the funds to pay bribes and in such circumstances party to engendering an environment for bribery to occur, whether direct to the bribe taker or indirectly through an intermediary acting on its behalf. It is likely in future, that companies, governments and international organisations will encourage (or possibly require) vendors to hold a valid ISO37001 anti-bribery certification, to reduce harm and cost to themselves and/or to a nation state.
Certification assures stakeholders
Compliance with ISO37001 cannot provide legal assurance that bribery will not occur, such as an isolated deliberate bribery incident. However, implementing the standard will help the organisation prevent bribery, positively change its ethics culture and provide verification and demonstration to third parties, be they customers or law enforcers, that it has implemented all reasonable and proportionate measures to prevent bribery. In so doing it will protect its own reputation and that of its stakeholders and gain competitive advantage.
Back to main learning page
Latest views and ideas on compliance and anti-corruption issues from our experts
Brexit will change the exporting landscape. Now Article 50 has been triggered, the divorce proceedings from the EU, are due to start this Summer and a deal must be wrapped up in 24 months or the government has threatened to walk away. For business that is two...read more
In 2016 the Panamanian law firm Mossack Fonseca, was subject to a massive insider data breach which disclosed 11.5 million files amounting to 2.6 terabytes of data – a treasure trove of global offshore financial activity exposing financial connections of thousands...read more
A year ago, most consumers would have fully trusted two major brands: VW and Tesco. How things change! Tesco and their “Every Little Bit Helps” campaign made consumers comfortable; getting a fair deal from a company they could trust. Yes, Tesco had its ups and downs...read more