ISO 37001 Anti-Bribery Management Systems Standard
The new standard for anti-bribery management systems, ISO 37001, is currently being drafted under the International Standardization Organization (ISO) umbrella, and is expected to be finalised by the end of 2016 at the latest. The ISO/PC 278 working group, made up of more than 80 specialists representing 44 countries, ensures the standard is balanced and internationally sustained as it aims to help large, medium and small organisations from the public and private sectors, and from any country, prevent bribery.
ISO 37001 is being developed as a requirements standard, making it capable of independent certification. If approved as such, authorised third-party certification bodies will be able to certify an organisation’s compliance with the standard and issue a certificate of compliance.
The measures required by the ISO 37001 anti-bribery management systems standard are designed to be integrated with existing management processes and controls. The standard follows the common high-level structure for other ISO management system standards so the standards can be easily integrated with one another (for example, ISO 37001 can be integrated with an ISO 9001 quality management system or an ISO 14001 environmental management system).
The requirements of ISO 37001 are generic and specify mandatory anti-bribery measures and controls, including guidance for their implementation.
Among the topics covered are:
- adopting and communicating anti-bribery policies
- getting buy-in and ensuring responsibility from top management
- designating a manager or function responsible for anti-bribery management
- training personnel
- undertaking periodic bribery risk assessments and appropriate due diligence on projects and business associates
- implementing vetting and controls over personnel
- controlling gifts, hospitality, donations and similar benefits
- requesting anti-bribery commitments from business associates
- implementing financial controls to reduce bribery risks
- providing confidential reporting procedures (i.e. ‘whistleblowing’ processes)
- putting processes in place for investigating and dealing with suspected or actual bribery.
ISO 37001 does not specifically address fraud, cartels, antitrust/competition offences, money laundering or other activities related to corrupt practices. An organisation may choose to extend the scope of the management system to include these activities.
The standard will be useful to reassure owners, management, employees and business partners that their organisations are following sound ethical business practices and reducing risks of financial loss and prosecution. It will therefore ultimately provide a competitive advantage for certified organisations.
In September 2015, international specialists from ISO/PC 278 met in Kuala Lumpur, Malaysia, to discuss the comments submitted by the national working groups. Good progress was made during the meeting and a Draft International Standard (DIS) will be submitted to the Central Secretariat in the coming weeks. The DIS will then be circulated to all ISO members (including those who are not participating in the working group), who get three months to comment on it before voting on whether they approve its release.
If the DIS is approved with minor editorial corrections only, the project goes straight to publication. If the DIS has been approved but must be significantly revised following comments, a Final Draft International Standard (FDIS) will be published and submitted to the ISO and the Central Secretariat and again circulated to all ISO members for a two-month vote.
Compliance Insider® follows the work of the ISO working group and will regularly provide relevant updates on the progress of ISO 37001.
ABOUT THE AUTHOR
Thomas Etter is The Red Flag Group’s Director of Advisory for the EMEA region and the Chairman of the Danish mirror committee to ISO/PC 278. Thomas has extensive in-house work experience in management system certifications and in developing and implementing adequate anti-bribery management systems in both medium and large multinational organisations.