ISO has published ISO 37001 – the first international anti-bribery management system standard to help organizations combat the risk of bribery in their own operations and value chain. The standard has the potential to reduce corporate risk and costs related to bribery by providing a manageable business framework for preventing, detecting, and addressing bribery.
ISO 37001 was developed by ISO project committee ISO/PC 278, Anti-bribery management systems, and builds on guidance from organizations including the International Chamber of Commerce, the Organisation for Economic Cooperation and Development, Transparency International, and various governments.
ISO/PC 278 chair Neill Stansbury said bribery is a significant business risk in many countries and sectors.
“In many cases, it has been tolerated as a ‘necessary’ part of doing business,” Stansbury said. “However, increasing awareness of the damage caused by bribery to countries, organizations, and individuals has resulted in calls for effective action to be taken to prevent bribery.”
ISO 37001:2016, Anti-bribery management systems – Requirements with guidance for use, is designed to support and broaden the efforts organizations have already made to develop internal systems and processes for preventing bribery.
ISO 37001 specifies a series of measures to help organizations prevent, detect, and address bribery. These include adopting an anti-bribery policy, appointing a person to oversee anti-bribery compliance, training, risk assessments, and due diligence on projects and business associates, implementing financial and commercial controls, and instituting reporting and investigation procedures.
The standard also aims to provide transparency and clarity on the measures and controls that organizations should be putting in place and how to implement these most effectively and efficiently.
In addition to helping to reduce the risk of bribery occurring, the standard can demonstrate to stakeholders that the organization has internationally-recognized good practice anti-bribery controls in place.
Using a series of related measures and controls – including supporting guidance – the anti-bribery management system specifies requirements for:
- An anti-bribery policy and procedures
- Top management leadership, commitment, and responsibility
- Oversight by a compliance manager or function
- Anti-bribery training
- Risk assessments and due diligence on projects and business associates
- Financial, procurement, commercial, and contractual controls
- Reporting, monitoring, investigation, and review
- Corrective action and continual improvement
Stansbury said ISO 37001 has been developed to ensure flexible use by organizations of all sizes, regardless of location or sector.
“The bribery risk facing an organization varies according to factors such as the size of the organization, the countries and sectors in which the organization operates, and the nature, scale and complexity of the organization’s operations,” Stansbury said. “Therefore, ISO 37001 specifies the implementation by the organization of reasonable and proportionate policies, procedures and controls.”
Organizations can become certified to ISO 37001 by accredited third parties to confirm that their anti-bribery management system meets the standard’s criteria. Although certification or compliance to ISO 37001 cannot provide assurance that no bribery has occurred, the standard can help to establish that the organization has implemented all appropriate measures designed to prevent such an occurrence.