ISO 37001
Anti-bribery management systems

Transparency and trust are the building blocks of any organization’s credibility. Nothing undermines effective institutions and equitable business more than bribery, which is why there’s ISO 37001.

It’s the International Standard that allows organizations of all types to prevent, detect and address bribery by adopting an anti-bribery policy, appointing a person to oversee anti-bribery compliance, training, risk assessments and due diligence on projects and business associates, implementing financial and commercial controls, and instituting reporting and investigation procedures.

Providing a globally recognized way to address a destructive criminal activity that turns over a trillion dollars of dirty money each year, ISO 37001 addresses one of the world’s most destructive and challenging issues head-on, and demonstrates a committed approach to stamping out corruption.

The ISO standard is so flexible that it can be used in all countries and by organizations of any type or size. It can therefore be applied in small, owner-managed businesses, foundations, associations or official bodies as well as in multi-national companies and other public or private-sector organizations.

ISO 37001 is in principle a stand-alone management system. However, the measures it contains are designed so that they can also be integrated into existing management systems and the control mechanisms that they specify. Like the widely used quality management system ISO 9001, ISO 37001 adopts a top-down approach.

ISO 37001 defines seven core steps and assigns concrete measures to each:

1. Implement
Implementing a comprehensive compliance policy makes economic sense and ultimately boosts sales. An organization that complies with legal obligations and can demonstrate that it has put measures in place to prevent compliance violations earns the trust of customers, suppliers and other parties.

2. Establish
Compliance only functions in organizations if it is practiced by management. Compliance managers may find that establishing this “tone from the top” is a challenging task. But correct behavior at all levels and across all departments can only be achieved if everyone acts together. The ISO explicitly refers to this in Section 5.

The ISO standard requires organizations to have an independent compliance manager who should also be responsible for the anti-bribery management system. To enable the employee assigned to this function to work independently, it is essential to avoid conflicts of interest.

According to the ISO, the organization’s managers are also responsible for ensuring that an anti-bribery policy is adopted. The policy must state clearly that bribery is prohibited and that any violations by employees will be reported and appropriate action taken. The policy must be communicated to all members of staff and relevant external partners.

3. Develop
As part of the anti-bribery management system, effective controls specific to the organization must be developed. These controls must cover all corruption risks and ensure effective monitoring for violations.

According to ISO 37001, employees should participate in regular training that enables them to understand the organization’s anti-bribery policy and comply with it. The ISO does not require all employees to receive training but only those with elevated risk potential. The training programme must be tailored to the organization.

4. Review
There are many different aspects to the establishment of an anti-bribery management system. The ISO standard provides some advice on designing an ABMS. For example, enhanced due diligence must always be performed on transactions, projects, personnel and business associates if the corruption risk is any higher than “low”.

The ISO requires business associates or business partners to be included in the financial and non-financial controls. In high-risk cases ISO 37001 also calls for the business partners of the business associates to be checked. ISO-certified organizations should require these risk and compliance checks from their direct business partners.

If the corruption risk is classed as low, it is not necessary to demand that business partners carry out risk and compliance checks. In this situation, the check of the organization’s own business partners is sufficient.

Internally, a dual control principle for important transactions may be enough. In dealing with external partners, corruption often occurs in connection with procurement procedures. A transparent procurement procedure for important transactions can prevent corruption.

The review process involves identifying and categorizing the risks within the organization and among third parties so that they can be tackled effectively. In other words, this is a risk-based approach.

5. Execute
If corruption risks are identified internally or among partners, suppliers and other business partners, the due diligence checks described in the “Review” section must be rigorously performed and documented.

6. Continue
Setting up a compliance program in accordance with ISO 37001 is not a one-off task – even if the CMS is successfully certified. The compliance manager and the organization’s managers must maintain ongoing due diligence, which includes reporting, monitoring, investigating and checking. All processes must be enshrined in the organization as an automatic aspect of the management task.

7. Adapt
No system functions perfectly from the get-go. As part of a process of continuous improvement, the CMS must therefore be regularly scrutinized so that violations can be systematically prevented and non-conformities addressed. This systematic process is explicitly required in Section 10 of ISO 37001, which deals with improvement.

ISO 37001 can benefit an organization in the following ways.

1. By specifying necessary policies and procedures, ISO 37001 assists an organization in implementing an ABMS, or in enhancing its existing controls. An ISO 37001 compliant ABMS can help prevent bribery from occurring, and can significantly reduce its impact if it does occur.

2. It helps provide assurance to the management and owners of an organization that their organization has implemented internationally recognised good practice anti-bribery controls, and is therefore taking steps to reduce risk and any adverse consequences.

3. It helps the organization provide assurance to its customers, business associates and personnel that it has implemented internationally recognised good practice anti-bribery controls, and therefore assists the organization in obtaining work, recruiting good personnel and enhancing its reputation.

4. Organizations may require their major contractors, suppliers and consultants to provide evidence of compliance with ISO 37001 as part of their pre-qualification or supply chain approval process (on a similar basis to their requiring evidence of compliance with ISO 9001 (quality management) etc.).

5. In the event of a bribery investigation which involves the organization, it helps provide evidence to the prosecutors or courts that the organization had taken reasonable steps to prevent bribery. It can therefore help avoid a prosecution, or mitigate the outcome