The push to adopt a uniform set of international anti-bribery management system standards is gaining momentum on a global scale and ultimately will raise the bar for compliance officers looking to reinforce their anti-bribery compliance programs.
The International Organization for Standardization (ISO)—an independent, non-governmental group with a membership of 162 national standard-setting bodies—published draft ISO 37001 in 2013 as part of an international project to come up with a consistent language and framework of anti-bribery management system standards for companies of all sizes in the public, private, and non-government sectors. The draft standard comes at a time when several countries—such as Brazil and China—are cracking down on bribery and corruption.
Since 2013, five meetings of the ISO 37001 project committee—currently made up of the technical advisory groups of 37 countries—have taken place. The draft standard was published for international comment in January 2016. Final votes from the ISO national member bodies are due today, April 5.
Once formally passed, countries that took part in the voting will have a chance to provide additional amendments to the draft standard before a final meeting of the ISO 37001 project committee in Mexico City in May 2016. Publication of ISO 37001 is expected by the end of this year.
For compliance officers wondering what distinguishes ISO 37001 from other anti-bribery guidance out there—such as the U.S. Sentencing Guidelines and the FCPA Resource Guide—this is the first time that there will be an internationally recognized and certifiable minimum standards program, explains Neill Stansbury, director of the Global Infrastructure Anti-Corruption Centre and chair of ISO’s project committee.
Because of how comprehensive the process has been, ISO 37001 “has changed quite a bit from the original draft, but it still retains its core anti-corruption standards,” Stansbury says. “There is nothing in there that will surprise any good compliance officer.”
“This is the first time that you will have an internationally recognized and certifiable minimum standards program.”
Neill Stansbury, Chair, ISO Anti-Bribery Project Committee
To be in compliance with ISO 37001, companies must have strong tone-at-the-top; anti-bribery policies, procedures, and controls; an independent compliance function; and whistleblower procedures and protections. They must further undertake enterprise-wide risk assessments; proper due diligence on intermediaries and transactions; anti-bribery training; monitoring and auditing; and remediation measures following actual or alleged bribery.
As a minimum requirements standard, third parties will be able to certify a company’s compliance with the standard. “If you want to be compliant with ISO 37001, you must comply with all the requirements of these standards; it’s not optional,” says Stansbury. Furthermore, ISO 37001 will not demonstrate that a company’s anti-bribery standard is reasonable and proportionate to the specific risks faced by the company itself.
Compliance officers should keep in mind that some countries have enacted legal requirements that aren’t necessarily shared by other countries. “Consequently, if an organization meets the ISO 37001 requirements, it does not mean that it meets the specific legal requirements of countries where it operates,” said Philippe Montigny, chief executive officer of anti-corruption ETHIC Intelligence, a firm that certifies corporate anti-corruption compliance programs.
Neither is compliance with ISO 37001 meant to provide assurance that no bribery has occurred or will occur in the future at a company. This shouldn’t come as a shock to any compliance officer: no anti-bribery program in the world, no matter how robust, can guarantee the prevention of all acts of bribery.
“ISO 37001 will help an organization comply with globally recognized anti-bribery leading practices and meet applicable legal requirements,” Leslie Benton, a member of the ISO 37001 U.S. technical advisory group, said in a statement. “It will also demonstrate to the organization’s stakeholders, including investors, customers, business partners and regulators, that the organization is taking reasonable steps to prevent bribery.”
Even if they don’t get certified, “companies can use it to benchmark their own program, giving them comfort that their systems are internationally compliant,” says Stansbury.
Keep in mind, too, ISO 37001 addresses only bribery. It does not address other criminal offenses such as fraud, cartels, anti-trust, and money laundering. Although a lot of back-and-forth debate took place on whether to include all those criminal offenses, “consensus was reached that it would have been too broad,” says Stansbury.
ISO 37001 INFORMATION
Below, ISO provides details on ISO 37001.
Bribery is one of the world’s most destructive and challenging issues. With over US$ 1 trillion paid in bribes each year*, the consequences are catastrophic, reducing quality of life, increasing poverty and eroding public trust.
Yet despite efforts on national and international levels to tackle bribery, it remains a significant issue. Recognizing this, ISO is currently developing a new standard to help organizations fight bribery and promote an ethical business culture.
The future ISO 37001, Anti-bribery management systems, specifies a series of measures to help organizations prevent, detect and address bribery. These include adopting an anti-bribery policy, appointing a person to oversee anti-bribery compliance, training, risk assessments and due diligence on projects and business associates, implementing financial and commercial controls, and instituting reporting and investigation procedures.
Who is it for?
ISO 37001 can be used by any organization, large or small, whether it be in the public, private or voluntary sector, and in any country. It is a flexible tool, which can be adapted according to the size and nature of the organization and the bribery risk it faces.
When will it be available?
The draft will be available through your local ISO member once it reaches the public enquiry (DIS) stage, before the standard is published around late 2016. Learn more about the stages of standards development.
Particularly in the context of emerging markets like Latin America and Mexico, this standard will create a competitive advantage, says Fernando Cervallos, leader of the compliance, forensics, and intelligence team at Control Risks in Mexico and who represents Mexico in the development of ISO 37001.
For countries where the risk of bribery and corruption is especially high—such as Mexico, Brazil, Ecuador, and Argentina—ISO 37001 will provide clear, detailed steps that companies can take to certify that they have the necessary controls in place to resist demands for bribes, Cervallos adds. “That creates a competitive advantage within emerging markets, because that will put them in a better position over their competitors,” he says.
One outcome that remains to be seen is whether companies require their major sub0-contractors, suppliers, and consultants to provide evidence of certification to ISO 37001 as part of their supply chain approval process. You may find that procuring entities begin requiring their supply chain “to produce in due course an independently certified ISO 37001 to show they’ve put a proper ethical control environment in place,” Stansbury says.
Where certification to ISO 37001 is not a tender requirement, companies may find themselves at a competitive advantage by being certified, as they will be able to show the procuring entity that they have an anti-bribery management system in place which may gain them an advantage in the procurement evaluation, Stansbury says.
Overall, implementation of ISO 37001 can only benefit compliance officers at multinational companies. By establishing a consistent international anti-bribery framework, companies will now have reassurance on a global scale that they are following ethical business practices. “Because it’s been developed and agreed upon by so many countries,” Stansbury says, “I think it will have a very powerful impact worldwide.”