The Importance of a Certified Anti-Bribery Management System

The Importance of a Certified Anti-Bribery Management System

 

by Anastasios Arampatzis 

ISO 37001 provides requirements and guidance for any organization to establish, implement, review, and improve an anti-bribery management system. Managing risks related to bribery and other forms of corruption is vital to succeed commercially. 

The threat of bribery 

Transparency and trust are the building blocks of any organization’s credibility. Nothing undermines effective institutions and equitable business more than bribery. Bribery represents a serious risk to businesses, with potentially significant legal and financial repercussions for individuals and organizations. 

The UN and OECD have both adopted conventions aimed at reducing bribery, and anti-bribery legislation is being tightened worldwide, imposing harsher penalties on employees, directors and organizations. It is estimated that globally, over $1.5 trillion in bribes changes hands every year. Apart from the negative economic impact, bribery also impacts the whole society as it undermines trust, leads to unfairness, creates inequality, and stifles motivation.  

ISO joined the global fight against bribery by developing ISO 37001, an international standard that sets out the requirements for an anti-bribery management system (ABMS). 

What is ISO 37001? 

ISO 37001 is applicable to bribery. It defines requirements for a management system designed to help organizations prevent, detect, and respond to bribery as well as comply with anti-bribery laws and voluntary commitments applicable to the organization’s activities. 

An anti-bribery management system is designed to instill an anti-bribery culture within an organization and implement appropriate controls, which will in turn increase the chance of detecting bribery and reduce its incidence in the first place. The system can be independent of, or integrated into, an overall management system. 

Other aspects, such as fraud or money laundering can also be included in the management system scope in accordance with relevant legislation and best-practices. ISO 37001 covers bribery: 

• by the organization, its personnel or business associates acting on the organization’s behalf or for its benefit 
• of the organization, its personnel or business associates in relation to the organization’s activities 

A compliant management system must implement measures and controls to include: 

• Anti-bribery policy 
• Management leadership, commitment, and responsibility 
• Personnel controls and training 
• Risk assessments 
• Due diligence on projects and business associates 
• Financial, commercial, and contractual controls 
• Segregation of Duties (SoD) and effective approval flows 
• Reporting, monitoring, investigation, and review 
• Corrective action and continuous improvement 

Implementing an anti-bribery management system requires leadership and input from top management, and the policy and program must be communicated to all staff and external parties such as contractors, suppliers and joint venture partners. 

Benefits of a certified anti-bribery management system 

Benefits of a certified anti-bribery management system 

ISO 37001 has been developed to ensure flexible use by organizations of all sizes, wherever they may do business.

The bribery risk facing an organization varies according to factors such as the size of the organization, the countries and sectors in which the organization operates, and the nature, scale and complexity of the organization’s operations. Therefore, ISO 37001 specifies the implementation by the organization of reasonable and proportionate policies, procedures and controls

stated Neill Stansbury, Chair of ISO project committee ISO/PC 278 responsible for developing the standard in 2016.

Implementing an ABMS based on ISO 37001 can be a good strategic decision to demonstrate an organization’s commitment to effectively prevent, detect, and respond to bribery. As the requirements of ISO 37001 are generic, organizations will have plenty of freedom to establish an ABMS which best suits their needs.  

Some of the benefits that organizations would gain by implementing an ABMS based on ISO 37001 include: 

• Improved ability to detect, prevent, and respond to bribery by or of the organization 
• Opportunity to certify the ABMS by undergoing a conformity assessment from an accredited conformity assessment body 
• Establishment of processes that allow proper due diligence of prospective personnel and business associates 
• Opportunity to contribute to the global fight against bribery 
• Opportunity to shape, improve, or transform the culture of an organization 
• Improved ability to respond, mitigate, and deal with the consequences if a bribery case occurs 
• In certain jurisdictions, the existence of an internal mechanism to address bribery issues can reduce penalties in cases of wrongdoing 

To help with its implementation, technical committee ISO/TC 309 has developed a handbook that provides users of ISO 37001 with advice on bribery and the different measures they can take to prevent it. “ISO 37001:2016 – Anti-bribery management systems – A practical guide” contains detailed information, case studies and examples that bring clarity to the standard’s requirements. Suitable for organizations of all types and sizes, this handbook is particularly useful for small and medium-sized enterprises. 

Should organizations be certified to ISO 37001? 

Accredited third parties can certify an organization’s compliance with the standard in the same way they do for other ISO standards such as ISO 27001. 

While it cannot guarantee that there will be no bribery in relation to the organization, certification or compliance with this standard can help you implement robust and proportionate measures that can substantially reduce the risk of bribery and address bribery where it does occur. 

Certification to ISO 37001 sends a strong message to stakeholders, investors, employees, authorities and the general public about your commitment to ethical business practices. 

ADACOM Offerings 

ADACOM Cybersecurity Consulting team provides support and assistance for Organizations for the enforcement of effective anti-bribery governance in adherence with ISO37001. With these services, Organizations will enhance anti-bribery and anti-corruption financial and non-financial controls within their environment but will also be able to demonstrate effective governance, improved credibility and trustworthiness to third parties and clients.