What is ISO 37001:2016 Anti-Bribery Management System?

ISO 37001:2016 is the first published standard written for the topic of bribery. Its full title is “Anti-Bribery Management System – Requirements with guidance for use.” It specifies requirements and guides establishing, maintaining, reviewing, and improving an anti-bribery management system. The system can be stand-alone or can be integrated into an overall management system.

ISO 37001 2016 Anti-Bribery Management System

The requirements of ISO 37001 are intended to apply to all organizations (or parts of an organization), regardless of type, size, and nature of the activity, and whether in the public, private or not-for-profit sectors.

Anti-Bribery Management addresses the following in relation to the organization’s activities:

  • Bribery in the public, private and not-for-profit sectors.
  • Bribery for the organization (Active Bribery).
  • Bribery of the organization (Passive Bribery).
  • Direct and indirect bribery (e.g., a bribe offered or accepted through or by a third party).

What is Bribery?

ISO 37001 acknowledges that the term “bribery” has different legal definitions depending on local laws and statutes. Still, nevertheless, an attempt was made to provide a general definition for use with the standard.

What is Bribery

“Offering, promising, giving, accepting or soliciting of an undue advantage of any value (which could be financial or non-financial), directly or indirectly, and irrespective of locations, in violation of applicable law, an inducement or reward for a person acting or refraining from acting about the performance of that person’s duties.”

Why an Anti-Bribery Management Standard?

  • Bribery is an ugly practice that undermines the trustworthiness of any organization, industry, or region.
  • To even be suspected of involvement in bribery can significantly affect an organization’s ability even to be considered for bidding on future business.
  • How can an organization shake its “reputation” without mutually respected standards for combatting bribery?

Development Process of ISO 37001

  • Like any other ISO-published standard, This Standard was developed by an assigned committee.
  • ISO Project Committee 278.
  • Work began on Feb 7, 2014, and followed the usual path.
  • Committee Draft – Fall 2014.
  • Draft International Standard – Fall 2015.
  • Final Draft International Standard – Fall 2016.
  • Officially published 10/13/16.

How Does ISO 37001:2016 Anti-Bribery Management System Work?

Anti-Bribery Management System focuses on three key areas in establishing a system for anti-bribery management.

  • Prevention of bribery incidents.
  • The defection of bribery incidents.
  • Response to bribery incidents.

1). Prevention Controls

The bulk of requirements written into ABMS focus on preventing bribery, as this is an ideal state for an organization. Specific requirements related to prevention include:

1.1) Bribery Risk Assessments – These are supposed to be performed on a “regular basis and serve as a means to evaluate current and potential bribery risks. Records of these assessments are required.

1.2) Anti-Bribery Policy – This is a required statement from the organization’s management, intended to ensure that the organization’s stance on bribery is made clear to the organization and serves to raise awareness of the ABMS program.

1.3) The Anti-Bribery Compliance Function – This mandatory party (usually a group of people) is tasked with multiple responsibilities relative to the ABMS. These include the development of the system, ensuring its full development, and ABMS effectiveness reporting. As per the standard, this function has to be staffed with empowered and independent parties.

1.4) Employment, Awareness, and Training – One of the more extensive and prescriptive requirements found within ISO 37001. Requirements include screening requirements before hiring personnel. Whistleblower protections, performance bonuses/incentives reviews, and compulsory bribery training.

1.5) Due Diligence – This requirement is directed to risk assessments. It calls for appropriate investigations to be performed in relation to pending transactions, projects, etc. if a bribery risk is identified.

1.6) Controls Associated With “Controlled Organizations” and Business Associates – Requires the flow of ABMS controls to both of these classes of external providers.

2). Detection Controls

2.1) Bribery Risk Assessment and the Anti-Bribery Compliance Function – These are viewed as both a means of prevention and detection.

2.2) Raising Concerns – The other primary means of detection written into ISO 37001 Revolve around personnel feeling empowered and unafraid to come forward and report actual or perceived incidents of bribery. Controls found that are intended to facilitate this reporting include mandatory anonymity for whistleblowers, confidential treatment of reported incidents, and protections against retaliation for whistleblowers.

3). Response Controls

3.1) Investing and Dealing with Bribery – Series of requirements about response protocol. Among other mandates, this section requires full cooperation with those tasked with investigating the incident, as well as the empowerment of the investigators.

The investigation results are shared with the anti-bribery compliance function and treated as confidential (except where required by law).

What are ISO 37001 Key Operational Controls?

1). Employment Procedure

  • Provide a range of channels (e.g., hotlines, direct access to higher management).
  • Ensure that those who speak up are not harassed or penalized but recognized or rewarded for their efforts.
  • Provide the option of reporting anonymously.
  • Necessitate conduct of due diligence on persons before they are employed or before they are transferred or promoted.
  • Give the organization the right to discipline personnel in case of non-compliance.

2). Financial Controls

  • Checks and Balances, Counter Signatures, Thresholds for approvals.
  • Cash Controls, Restrict cash use. Require receipts from officials.
  • No off-the-book accounts.

3). Non-Financial Controls

  • Use of contractors that have to undergo a strict pre-qualification process.
  • Awarding contracts after a fair and transparent competitive bidding process has taken place.

4). Anti-Bribery Commitment for Business Associates

  • Commitment is made formally with written approval by the head of the organization.
  • Zero tolerance for bribery should be part of the commitment.

5). Raising Concerns or Whistleblowing

Anti-Bribery Investigations

  • The independence of investigators is established.
  • Manage the security of the investigations and the investigators.
  • Use of investigation techniques (e.g., Financial investigations into the lifestyles).

What are the Benefits of ISO 37001?

There are numerous material and intangible benefits to pursuing certification to ISO 37001: 2016. These includes

1.) Detection of Bribery Risks – Implement measures to prevent and control bribery risk.

  • Overall improvement of risk assessment.
  • Recognition – Certification by ISO attests to adopting international best practices in Anti-Bribery Management.
  • Compliance with local and international legal requirements and industry standards.

2). Business Confidence – Implementing the ISO 370001 Standards engenders trust-based cooperation.

  • International partners have increased confidence.
  • Auditors and implementers trained on the Standard are more likely to implement and maintain a reliable management system than their untrained counterparts.

3). Core Reduction – Implementation of strict financial controls, Separation of duties,

  • Independent financial audits, restrictions on the use of cash, payment approvals.
  • Transaction Tracking.

4). Minimization of Conflict of Interest – Communication of consequences for involvement in bribery.

  • Organizational effectiveness.
  • Improvement in the bottom line.
  • Exposure of fraud and due diligence.

5). Adoption of Anti-Bribery Culture – Awareness and training aspects of the Anti-Bribery Management System promote Anti-Bribery culture

  • Improve Morale.
  • General Performance Improvement.

6). The Standard Benefits an Organization By Providing – Minimum requirements and supporting guidance for implementing or benchmarking an anti-bribery management system.

  • Assurance to management, investors, employees, customers, and other stakeholders that an organization is taking reasonable steps to prevent bribery.
  • Evidence in the event of an investigation that an organization has taken reasonable steps to prevent bribery.
  • Assuring outside stakeholders that the organization takes business ethics seriously and promotes a culture of honesty and trustworthiness.
  • Provides a means to select reliable parties in regions or industries with a reputation (deserved or not) for bribery and corruption.
  • This can lead to overall cost reductions.
  • Prevention of conflict of interest.
  • It can be used as a resource for information in the event of an outside (governmental) investigation of an alleged bribery incident.

What are the Major Requirements of ISO 37001?

  • Documented the scope of the Anti-Bribery Management System.
  • Regular Bribery risk assessment.
  • Ensuring the integration of the A requirement into the organization’s processes.
  • Documented Anti-Bribery Policy.
  • Assigned Person/s to oversee the ABMS.
  • Plan, Integrate, and implement actions to address bribery risks and opportunities.
  • Documented information on ABMS objectives.
  • Anti-Bribery Controls on human resources.
  • Controls on documented information management.
  • Due diligence on projects and business associates.
  • Financial and non-financial controls.
  • Implementation of Anti-Bribery controls on controlled organizations.
  • Anti-Bribery controls on gifts, hospitality, raising concerns, and investigation.
  • ABMS Internal Audit and management reviews.
  • Corrective action and continual improvement.

What are the Major Steps in Establishing ISO 37001?

  • Define the context of the organization.
  • Define the scope and the processes of the ABMS.
  • Determine the bribery risks to be managed.
  • Establish the intended outcomes of the ABMS.
  • Assign Roles, responsibilities, and authorities.
  • Plan the actions to achieve the intended outcomes.
  • Support the ABMS and its processes.
  • Implement and control the Anti-Bribery Management System Processes.
  • Monitor, Measure, analyze and evaluate the Anti-Bribery Management System Performance.
  • Improve the ABMS and its processes.
  • Undergo Certification.

Anti-Bribery Management System Audit Process

  • The organization should expect a thorough review of procedures, contracts, terms and conditions, and other related materials.
  • Many employees will be interviewed about their role in the organization and ensure they know Anti-Bribery protocols and policies.
  • The auditor will review various resources (online, etc.) to determine if the organization has been involved in an alleged incident of bribery.

In addition, to ISO 37001 certification audit also offer a range of complimentary services:

  • ISO Certifications
  • ISO 9001 – Quality Management System
  • ISO 14001 – Environmental Management System
  • ISO 45001 – Occupational Health & Safety Management System
  • ISO 50001 – Energy Management System
  • ISO 27001 – Information Security Management System
  • ISO 20000 – IT Service Management System
  • ISO 22000 – Food Safety Management System
  • FSSC 22000 – Food Safety System Certification
  • HACCP – Food Safety Management System
  • ISO 21001 – Educational Organizations Management System
  • ISO 29990 – Learning Services Management System
  • ISO 20121 – Sustainability Event Management System
  • ISO 22301 – Business Continuity Management System
  • ISO 28000 – Supply Chain Security Management System
  • ISO 13485 – Quality Management Systems for Medical Devices
  • ISO 39001 – Road Traffic Safety Management System
  • ISO 31000 – Risk Management – Guidelines
  • ISO 22716 – Good Manufacturing Practices for Cosmetics
  • ISO 3834 – Quality Requirements for Fusion Welding of Metallic Materials
  • Halal Certification
  • “Covid-Shield” Certification
  • GlobalG.A.P. Certification
  • IFS Certification Services

FAQ’s

What are the Focus Points for Implementing ISO 37001 Certification?

  • Anti-Bribery Policies and Procedures.
  • Anti-Bribery Risk Assessments.
  • Controls to migrate Bribery Risks.
  • Continuous Monitoring and Regular Audits.
  • Training and Awareness on Anti-Bribery Policies and Measures.

What are the Implementation Phases ISO 37001?

  • Initial Visits & Review of the Existing System.
  • Gap Analysis & Documentation.
  • Training and Support for System Implementation.
  • Internal Audit for Verification of Implemented System.
  • Certification Audit (Stage 1 & 2).
  • Rewarding ISO 37001 Certificate to the Organization.

Who can Avail of ISO 37001 Certification?

Any Size of organization can avail of ISO 37001 certification

  • Manufacturing Units.
  • Educational Institutes.
  • Hospitals.
  • Retail Outlets.

How Will ISO 37001 benefit an Organization?

It’s a risk management tool and assures stakeholders that an organization is taking reasonable steps to prevent, detect, and appropriately manage bribery risk.

Does conformity with ISO 37001 guarantee that Bribery will not occur?

No, ISO 37001 certification cannot assure that bribery will not occur in an organization. it can help the organization to prevent, detect and respond to bribery risk, and strengthen the anti-bribery culture.