On October 14, the International Organisation for Standardisation (ISO) published a global standard ISO 37001: Anti-Bribery Management Systems. This voluntary standard is designed to assist organisations around the world implement and maintain an effective and proportionate anti-bribery programme.
Organisations can choose to use it simply as an internal benchmarking tool or seek ISO 37001 certification of their anti-bribery programme through an accredited third party provider.
What are the requirements of ISO 37001?
The standard is aligned to the the six principals of corporate corruption prevention set out in the UK Ministry of Justice guidance to the UK Bribery Act 2010. Requirements in the standard include:
- An anti-bribery policy and procedures
- Top management leadership, commitment and responsibility
- Oversight by a compliance manager or similar function
- Anti-bribery training
- Risk assessments including appropriate due diligence
- Financial, procurement, contractual and commercial controls
- Monitoring and assurance processes around these controls
- Implementation of whistleblowing procedures
- Corrective action and on-going improvement
Annex A to ISO 37001 sets out the requirements for organisations, along with comprehensive guidance on how these can be met.
Charlotte Wrights’ recent article focuses on what she considers the key sections of the standard and presents her view on the value of this standard to organisations going forward.
Is the ISO 37001 standard ‘one size fits all’?
The Chair of the ISO project committee ISO/PC 278, Neill Stansbury, has stated that this standard is intended for use by organisations of all sizes and in any jurisdiction.
The bribery risk facing an organisation varies according to factors such as the size of the organization. The countries and sectors in which the organization operates and the nature, scale and complexity of the organization’s operations.
Organisations should seek to take an individual risk based and proportionate approach to compliance with the standard.
What should an organisation do in light of this new standard?
This standard provides an objective measuring stick for an organisation to evaluate its own anti-bribery programme. This could give reassurance to the management team and Board that what is in place is fit for purpose or provide the stimulus for development and change. Either will be positive!
When deciding whether to seek certification or not, consider the broader commercial drivers. Compliance with, or certification to, this standard could become a ‘differentiator’ in the market. In time, it could become a commercially-driven bidding requirement similar to other ISO standards such as the ISO 9001 on quality management systems. There may be particular political pressure for public sector organisations to insist on certification from those participating in procurement exercises. When discussing how the impact of the standard will be measured, Stansbury said:
It will be a big breakthrough if public sector procurement agencies require the standard to be a pre-qualification requirement for contracts over a certain value.
Whether this breakthrough emerges is yet to be seen. For now however, this standard sets a new line in the sand for anti-bribery compliance programmes whether you seek certification or not.