What is ISO 37001:2016 Anti-Bribery Management System?
ISO 37001:2016 is the first published standard written on the topic of bribery. Its full title is “Anti-Bribery Management System – Requirements with guidance for use.” It specifies requirements and provides guidance for establishing, implementing, maintaining, reviewing, and improving an anti-bribery management system. The system can be stand-alone or can be integrated into an overall management system.
The requirements of ISO 37001 are intended to apply to all organizations (or parts of an organization), regardless of type, size, and nature of the activity, and whether in the public, private or not-for-profit sectors.
Anti-Bribery Management addresses the following in relation to the organization’s activities:
- Bribery in the public, private and not-for-profit sectors.
- Bribery for the organization (Active Bribery).
- Bribery of the organization (Passive Bribery).
- Direct and indirect bribery (e.g. a bribe offered or accepted through or by a third party).
What is Bribery?
ISO 37001 acknowledges that the term “bribery” has different legal definitions depending on local laws and statutes. Nevertheless, an attempt was made to provide a general definition for use with the standard:
“Offering, promising, giving, accepting or soliciting of an undue advantage of any value (which could be financial or non-financial), directly or indirectly, and irrespective of locations, in violation of applicable law, as an inducement or reward for a person acting or refraining from acting in relation to the performance of that person’s duties.”
Why an Anti-Bribery Management Standard?
- Bribery is an ugly practice that undermines the trustworthiness of any organization, industry, or region.
- Even being suspected of involvement in bribery can significantly affect an organization’s ability to be considered for bidding on future business.
- Without mutually respected standards for combatting bribery, how can an organization shake its “reputation”?
Development Process of ISO 37001
- Like any other ISO published standard, this standard was developed by an assigned committee.
- ISO Project Committee 278.
- Work began on Feb 7, 2014, and followed the usual path.
- Committee Draft – Fall 2014.
- Draft International Standard – Fall 2015.
- Final Draft International Standard – Fall 2016.
- Officially published 10/13/16.
How Does ISO 37001:2016 Anti-Bribery Management System Work?
The Anti-Bribery Management System focuses on three key areas in establishing a system for anti-bribery management:
- Prevention of bribery incidents.
- Detection of bribery incidents.
- Response to bribery incidents.
1). Prevention Controls
The bulk of the requirements written into the ABMS focus on the prevention of bribery, as this is clearly the ideal state for an organization. Specific requirements related to prevention include:
1.1) Bribery Risk Assessments – These are supposed to be performed on a “regular basis” and serve as a means to evaluate current and potential bribery risks. Records of these assessments are required.
1.2) Anti-Bribery Policy – This is a required statement from the management of the organization, intended to ensure that the organization’s stance on bribery is made clear to the organization and serves to raise awareness of the ABMS program.
1.3) The Anti-Bribery Compliance Function – This mandatory party (usually a group of people) is tasked with multiple responsibilities relative to the ABMS. These include the development of the system, ensuring its full development, and ABMS effectiveness reporting. As per the standard, this function has to be staffed with parties that are both empowered and independent.
1.4) Employment, Awareness, and Training – One of the more extensive and prescriptive requirements found within ISO 37001. Requirements include screening prior to hiring personnel, whistleblower protections, reviews of performance bonuses/incentives, and compulsory bribery training.
1.5) Due Diligence – This requirement is directly tied to the risk assessments. It calls for appropriate investigations to be performed in relation to pending transactions, projects, etc., if a bribery risk is identified.
1.6) Controls Associated With “Controlled Organizations” and Business Associates – Requires the flow of ABMS controls to both of these classes of external providers.
2). Detection Controls
2.1) Bribery Risk Assessment and the Anti-Bribery Compliance Function – These are viewed as both a means of prevention and detection.
2.2) Raising Concerns – The other primary means of detection written into ISO 37001 revolves around personnel feeling empowered and unafraid to come forward and report actual or perceived incidents of bribery. Controls intended to facilitate this reporting include mandatory anonymity for whistleblowers, confidential treatment of reported incidents, and protections against retaliation for whistleblowers.
3). Response Controls
3.1) Investigating and Dealing with Bribery – A series of requirements about response protocol. Among other mandates, this section requires full cooperation with those tasked with the investigation of the incident, as well as empowerment of the investigators.
The investigation results are shared with the anti-bribery compliance function and treated as a confidential matter (except where required by law).
What are ISO 37001 Key Operational Controls?
1). Employment Procedure
- Provide a range of channels (e.g., hotlines, direct access to higher management).
- Ensure that those who speak up are not harassed or penalized but recognized or rewarded for their efforts.
- Provide the option of reporting anonymously.
- Necessitate conduct of due diligence on persons before they are employed or before they are transferred or promoted.
- Give the organization the right to discipline personnel in case of non-compliance.
2). Financial Controls
- Checks and Balances, Counter Signatures, Thresholds for approvals.
- Cash Controls, Restrict cash use. Require receipts from officials.
- No off-the-book accounts.
3). Non-Financial Controls
- Use of contractors that have to undergo a strict pre-qualification process.
- Awarding contracts after a fair and transparent competitive bidding process has taken place.
4). Anti-Bribery Commitment for Business Associates
- Commitment is made formally with written approval by the head of the organization.
- Zero tolerance of bribery should be part of the commitment.
5). Raising Concerns or Whistleblowing
- The independence of investigators is established.
- Manage the security of the investigations and the investigators.
- Use of investigation techniques (e.g. financial investigations into lifestyles).
What are the Benefits of ISO 37001?
There are numerous material and intangible benefits to pursuing certification to ISO 37001:2016. These include:
1). Detection of Bribery Risks – Implementation of measures to prevent and control bribery risk.
- Overall improvement of risk assessment.
- Recognition – Certification by ISO attests to the adoption of international best practices on Anti-Bribery Management.
- Compliance with local and international legal requirements and industry standards.
2). Business Confidence – Implementation of the ISO 37001 Standard engenders cooperation based on trust.
- International partners have increased confidence.
- Auditors and implementers trained on the Standard are more likely to implement and maintain a reliable management system than their untrained counterparts.
3). Cost Reduction – Implementation of strict financial controls, separation of duties, independent financial audits, restriction on the use of cash, payment approvals.
- Transaction Tracking.
4). Minimization of Conflict of Interest – Communication of consequences for involvement in bribery.
- Organizational effectiveness.
- Improvement in the bottom line.
- Exposure of fraud and due diligence.
5). Adoption of Anti-Bribery Culture – Awareness and training aspects of the Anti-Bribery Management System promote an anti-bribery culture.
- Improve Morale.
- General Performance Improvement.
6). The Standard Benefits an Organization By Providing – Minimum requirements and supporting guidance for implementing or benchmarking an anti-bribery management system.
- Assurance to management, investors, employees, customers, and other stakeholders that an organization is taking reasonable steps to prevent bribery.
- Evidence in the event of an investigation that an organization has taken reasonable steps to prevent bribery.
- Assuring outside stakeholders that the organization takes business ethics seriously and promotes a culture of honesty and trustworthiness.
- Provides a means to select reliable parties in regions or industries with a reputation (deserved or not) for bribery and corruption.
- This can lead to overall cost reductions.
- Prevention of conflict of interest.
- It can be used as a resource for information in the event of an outside (governmental) investigation of an alleged bribery incident.
What are the Major Requirements of ISO 37001?
- Documented scope of the Anti-Bribery Management System.
- Regular Bribery risk assessment.
- Ensuring the integration of the ABMS requirements into the organization’s processes.
- Documented Anti-Bribery Policy.
- Assigned Person/s to oversee the ABMS.
- Plan, integrate, and implement actions to address bribery risks and opportunities.
- Documented information on ABMS objectives.
- Anti-Bribery Controls on human resources.
- Controls on documented information management.
- Due diligence on projects and business associates.
- Financial and non-financial controls.
- Implementation of Anti-Bribery controls on controlled organizations.
- Anti-Bribery controls on gifts, hospitality, raising concerns, investigation.
- ABMS Internal Audit and management reviews.
- Corrective action and continual improvement.
What are the Major Steps in Establishing ISO 37001?
- Define the context of the organization.
- Define the scope and the processes of the ABMS.
- Determine the bribery risks to be managed.
- Establish the intended outcomes of the ABMS.
- Assign Roles, responsibilities, and authorities.
- Plan the actions to achieve the intended outcomes.
- Support the ABMS and its processes.
- Implement and control the Anti-Bribery Management System Processes.
- Monitor, Measure, analyze and evaluate the Anti-Bribery Management System Performance.
- Improve the ABMS and its processes.
- Undergo Certification.
Anti-Bribery Management System Audit Process
- The organization should expect a thorough review of procedures, contracts, terms and conditions, and other related materials.
- Many employees will be interviewed about their role in the organization to ensure that they know Anti-Bribery protocols and policies.
- The auditor will review various resources (online, etc.) to determine if the organization has been involved in an alleged incident of bribery.
In addition to the ISO 37001 certification audit, TUV Austria BIC. also offers a range of complimentary services:
- ISO Certifications
- ISO 9001:2015 QMS
- ISO 14001:2015 EMS
- ISO 45001:2018 OHSMS
- ISO 50001:2018 EnMS
- ISO 27001:2018 ISMS
- ISO 20000:2018 ITSMS
- Halal Certification
- ISO 22000:2018 FSMS
- FSSC 22000 V5
- HACCP Food Safety Management System
- ISO 21001:2018 EOMS
- ISO 29990:2010 LSMS
- ISO 20121:2012 ESMS
- ISO 22301:2019 BCMS
- ISO 28000:2007 SCMS
- ISO 13485:2016 MDSM
- ISO 39001:2012 RTSMS
- ISO 31000:2018 Risk Management – Guidelines
- ISO 3834 – Quality Requirements for Fusion Welding of Metallic Materials
- ISO 22716 – GMP
- “Covid-Shield” Certification
- GlobalG.A.P. Certification
- IFS Certification Services
- Process improvement solutions
What are the Focus Points to Implementing ISO 37001 Certification?
- Anti-Bribery Policies and Procedures.
- Anti-Bribery Risk Assessments.
- Controls to mitigate Bribery Risks.
- Continuous Monitoring and Regular Audits.
- Training and Awareness on Anti-Bribery Policies and Measures.
What are the Implementation Phases of ISO 37001?
- Initial Visits & Review of the Existing System.
- Gap Analysis & Documentation.
- Training and Support for System Implementation.
- Internal Audit for Verification of Implemented System.
- Certification Audit (Stage 1 & 2).
- Awarding the ISO 37001 Certificate to the Organization.
Who can Avail of ISO 37001 Certification?
Any size of organization can avail of ISO 37001 certification:
- Manufacturing Units.
- Educational Institutes.
- Retail Outlets.
How Will ISO 37001 benefit an Organization?
It’s a risk management tool and brings assurance to stakeholders that an organization is taking reasonable steps to prevent, detect, and appropriately manage bribery risk.
Does conformity with ISO 37001 guarantee that Bribery will not occur?
No, ISO 37001 certification cannot provide assurance that bribery will not occur in an organization. It can help the organization to prevent, detect and respond to bribery risk, and strengthen the anti-bribery culture.