ISO 37001 – A Whole New World for Anti-Bribery Due Diligence?
The new international standard for anti-bribery management systems was published on 15th October. Organisations seeking to do business worldwide, especially in emerging markets, can now look to an internationally recognised approach to anti-bribery compliance for guidance.
The International Organisation for Standardisation (“ISO”) says that “ISO 37001 is designed to help your organisation implement an anti-bribery management system or enhance the controls you currently have. It helps to reduce the risk of bribery occurring and can demonstrate to your stakeholders that you have put in place internationally recognised good-practice anti-bribery controls”.
An organisation seeking to become certified should adopt a series of measures such as:
- Adopting an anti-bribery policy and appointing someone to oversee compliance;
- Planning and achieving anti-bribery objectives;
- Assessment of bribery risks;
- Leadership and commitment from top management;
- Operational controls and due diligence;
- Instituting reporting and investigation procedures;
- Competence assurance and training of personnel;
- Performance evaluation, including audit and review.
Implementing your anti-bribery management system in this way will help to reduce the risk of bribery occurring and can demonstrate to your management, owners, funders, employees and other business associates that you have put in place an internationally recognised system for the prevention and detection of bribery. When preparing to sell your business it can also go some way to reassure prospective buyers that your anti-bribery systems are robust enough to reduce the risk of bribery occurring within your organisation.
The standard contains detailed guidance on the performance of third party due diligence, an essential element of any effective anti-bribery programme. It recommends that “due diligence procedures implemented by the organisation on its business associates should be consistent across similar bribery risk levels”, so business associates in locations or markets with a higher risk of bribery would need a significantly higher level of due diligence than those in low bribery risk locations or markets.
ISO 37001 applies to small, medium and large organisations in all sectors, anywhere in the world, so it is easy to see how it could make due diligence simpler as more and more organisations seek to become certified. As the interest in doing business in emerging markets grows, where bribery risks are likely to be higher, carrying out due diligence on potential business associates in those markets may become less of a headache if they start using the standard as a benchmark for implementing their own anti-bribery systems.
If the appetite for certification grows and ISO37001 is heralded a success, we could see more organisations requiring certification as part of their tender process, and it is hoped that this would encourage businesses in emerging markets to adopt the standard if they want to secure and retain global business.
Whilst certification will not guarantee that bribery has not or will not occur within an organisation, it may go some way to demonstrating that adequate procedures were put in place by that organisation in order to prevent bribery. Time will tell whether or not the regulatory authorities in the UK and elsewhere will accept that the standard provides sufficient evidence that an organisation had adequate procedures in place at the time of a breach.
The introduction of a globally recognised standard for the prevention and detection of bribery will be welcomed by businesses. The potential benefits of ISO37001 are unlikely to be seen overnight, but in a market where more organisations are looking to do business outside the UK, encouraging your business associates - including your suppliers, customers and agents - to become certified can only help to attract and retain global business.
Over the coming weeks we will be issuing a series of briefings looking at the essential components of an anti-bribery system for businesses looking to become ISO compliant.
15th September 2020
The High Court in England has today handed down its much anticipated judgment.
15th September 2020
WFH can pose challenges in keeping sensitive and confidential business information secure.
3rd September 2020
We highlight ten key health and safety issues you should be thinking about.