ISO 37001, the Anti-Bribery standard, outlines requirements and guidance for organizations to establish, implement, review, and enhance an anti-bribery management system. Effectively managing risks associated with bribery and other forms of corruption is crucial for achieving commercial success. ISO 37001 certification provides assurance to stakeholders that robust anti-bribery measures are in place, being maintained, and continually improved.
What is ISO 37001
ISO 37001:2016 is applicable only to bribery. It sets forth management system requirements designed to help organizations prevent, detect, and respond to bribery, as well as comply with anti-bribery laws and voluntary commitments applicable to the organization’s activities.
Other aspects, such as fraud or money laundering, can be included in the management system scope in accordance with relevant legislation and best practices. ISO 37001 covers bribery:
- by the organization, its personnel or business associates acting on the organization’s behalf or for its benefit;
- of the organization, its personnel or business associates in relation to the organization’s activities.
A compliant management system must implement measures and controls to help prevent, detect, and address bribery. These should cover:
- anti-bribery policy;
- management leadership, commitment and responsibility;
- personnel controls and training;
- risk assessments;
- due diligence on projects and business associates;
- financial, commercial and contractual controls;
- reporting, monitoring, investigation and review;
- corrective action and continual improvement.
ISO 37001 benefits to organizations
Implementing an Anti-Bribery Management System (ABMS) based on ISO 37001 can be a strategic decision to demonstrate an organization’s commitment to effectively prevent, detect, and respond to bribery. Organizations aiming for an effective ABMS must demonstrate their dedication to preventing bribery by establishing policies, procedures, and controls that contribute to reducing bribery risks. Despite the generic nature of ISO 37001 requirements, organizations have the flexibility to establish an ABMS that best suits their needs.
Some of the benefits that organizations would obtain by implementing an ABMS based on ISO 37001 include:
- Improved ability to detect, prevent, and respond to bribery by the organization or against the organization
- Opportunity to certify the ABMS by undergoing a conformity assessment from an accredited conformity assessment body
- Establishment of processes that allow proper due diligence of prospective personnel and business associates
- Opportunity to contribute to the global fight against bribery
- Opportunity to shape, improve, or transform the culture of an organization
- Improved ability to respond, mitigate, and deal with the consequences if a bribery case occurs
- In certain jurisdictions, the existence of an internal mechanism to address bribery issues can reduce penalties in cases of wrongdoing.
Benefits of certification
Certification to ISO 37001 supports your anti-bribery management system efforts by verifying that the:
- standard’s requirements are addressed;
- necessary controls are in place within your own organization and across your entire value chain;
- company has adequate and proportionate procedures in place to actively prevent bribery;
- management system supports compliance with applicable anti-bribery legislation.
While certification to ISO 37001 cannot guarantee that bribery will not occur, it verifies that you have a structured management system in place to prevent such situations.
Does the ISO standard require a stand-alone management system?
ISO 37001 is in principle a stand-alone management system. However, the measures it contains are designed so that they can also be integrated into existing management systems and the control mechanisms that they specify. Like the widely used quality management system ISO 9001, DIN ISO 37001 adopts a top-down approach.
What are the main requirements of the ISO standard?
The most important function of a compliance management system (CMS) is to ensure that any potential for material violations of the rules is identified promptly and that violations are prevented.
Despite an exemplary CMS, violations can still occur; even the best system cannot totally prevent them. The CMS sets out rules on appropriate responses and countermeasures in the event of a violation.
ISO 37001 defines seven core steps and assigns concrete measures to each:
1. Implement
Implementing a comprehensive compliance policy makes economic sense and ultimately boosts sales. An organization that complies with legal obligations and can demonstrate that it has put measures in place to prevent compliance violations earns the trust of customers, suppliers and other parties.
2. Establish
Compliance only functions in organizations if it is practiced by management. Compliance managers may find that establishing this “tone from the top” is a challenging task. But correct behavior at all levels and across all departments can only be achieved if everyone acts together. The ISO explicitly refers to this in Section 5.
The ISO standard requires organizations to have an independent compliance manager who should also be responsible for the anti-bribery management system. To enable the employee assigned to this function to work independently, it is essential to avoid conflicts of interest.
According to the ISO, the organization’s managers are also responsible for ensuring that an anti-bribery policy is adopted. The policy must state clearly that bribery is prohibited and that any violations by employees will be reported and appropriate action taken. The policy must be communicated to all members of staff and relevant external partners.
3. Develop
As part of the anti-bribery management system, effective controls specific to the organization must be developed. These controls must cover all corruption risks and ensure effective monitoring for violations.
According to ISO 37001, employees should participate in regular training that enables them to understand the organization’s anti-bribery policy and comply with it. The ISO does not require all employees to receive training but only those with elevated risk potential. The training programme must be tailored to the organization.
4. Review
There are many different aspects to the establishment of an anti-bribery management system. The ISO standard provides some advice on designing an ABMS. For example, enhanced due diligence must always be performed on transactions, projects, personnel and business associates if the corruption risk is any higher than “low”.
The ISO requires business associates or business partners to be included in the financial and non-financial controls. In high-risk cases ISO 37001 also calls for the business partners of the business associates to be checked. ISO-certified organizations should require these checks from their direct business partners.
If the corruption risk is classed as low, it is not necessary to demand that business partners carry out checks. In this situation the check of the organization’s own business partners is sufficient.
Internally, a dual control principle for important transactions may be enough. In dealing with external partners, corruption often occurs in connection with procurement procedures. A transparent procurement procedure for important transactions can prevent corruption.
The review process involves identifying and categorizing the risks within the organization and among third parties so that they can be tackled effectively. In other words, this is a risk-based approach.
5. Execute
If corruption risks are identified internally or among partners, suppliers and other business partners, the due diligence checks described in the “Review” section must be rigorously performed and documented.
6. Continue
Setting up a compliance program in accordance with ISO 37001 is not a one-off task – even if the CMS is successfully certified. The compliance manager and the organization’s managers must maintain ongoing due diligence, which includes reporting, monitoring, investigating and checking. All processes must be enshrined in the organization’s DNA as an automatic aspect of the management task.
7. Adapt
No system functions perfectly from the get-go. As part of a process of continuous improvement, the CMS must therefore be regularly scrutinized so that violations can be systematically prevented and non-conformities addressed. This systematic process is explicitly required in Section 10 of ISO 37001, which deals with improvement.
It may sometimes be necessary to adapt the CMS as a result of external factors such as changes in procurement law or the commercial banking system or revision of ISO 37001 itself.
OSS Middle East Company:
Aims to help organizations in all sectors in Egypt and the Middle East to apply the international standard in quality management systems in all fields.