ISO 37001: 2016 Anti-Bribery Management System

ISO 37001: 2016 is the first published standard written for the topic of bribery. Its full title is “Anti-Bribery Management System – Requirements with guidance for use”. ISO 37001:2016 specifies requirements and provides guidance for establishing, implementing, maintaining, reviewing, and improving an anti-bribery management system. The system can be stand-alone or can be integrated into an overall management system.

The requirements of ISO 37001: 2016 are intended to be applicable to all organizations (or parts of an organization), regardless of type, size, and nature of the activity, and whether in the public, private or not-for-profit sectors.

ISO 37001: 2016 addresses the following in relation to the organization’s activities:

  • Bribery in the public, private and not-for-profit sectors
  • Bribery for the organization (Active Bribery)
  • Bribery of the organization (Passive Bribery)
  • Direct and indirect bribery (e.g. a bribe offered or accepted through or by a third party).

What is Bribery?

ISO 37001 acknowledges that the term “bribery” has different legal definitions depending on local laws and statutes, but nevertheless, an attempt was made to provide a general definition for use with the standard.

“Offering, promising, giving, accepting or soliciting of an undue advantage of any value (which could be financial or non-financial), directly or indirectly, and irrespective of locations, in violation of applicable law, as an inducement or reward for a person acting or refraining from acting in relation to the performance of that person’s duties”.

Why an Anti-Bribery Management Standard?

  • Bribery is an ugly practice that undermines the trustworthiness of any organization, industry, or region.
  • To even be suspected of involvement in an incident of bribery can greatly affect an organization’s ability to even be considered for bidding on future business.
  • Without mutually respected standards for combatting bribery, how can an organization shake its “reputation”?

ISO 37001’s Development Process

  • Like any other ISO published standard, ISO 37001 was developed by an assigned committee.
  • ISO Project Committee 278
  • Work began on Feb 7, 2014 and followed the usual path
  • Committee Draft – Fall 2014
  • Draft International Standard – Fall 2015
  • Final Draft International Standard – Fall 2016
  • ISO 37001 officially published 10/13/16

Major Requirements of ISO 37001: 2016

  • Documented scope of the Anti-Bribery Management System
  • Regular Bribery risk assessment
  • Ensuring the integration of the ABMS requirements into the organization’s processes
  • Documented Anti-Bribery Policy
  • Assigned Person/s to oversee the ABMS
  • Plan, integrate, and implement actions to address bribery risks and opportunities.
  • Documented information on ABMS objectives
  • Anti-Bribery Controls on human resources
  • Controls on documented information management
  • Due diligence on projects and business associates
  • Financial and non-financial controls
  • Implementation of Anti-Bribery controls on controlled organizations
  • Anti-Bribery controls on gifts, hospitality, raising concerns, investigation.
  • ABMS Internal Audit and management reviews
  • Corrective action and continual improvement

Major Steps in Establishing the ISO 37001:2016

  • Define the context of the organization
  • Define the scope and the processes of the ABMS
  • Determine the bribery risks to be managed
  • Establish the intended outcomes of the ABMS
  • Assign Roles, responsibilities, and authorities
  • Plan the actions to achieve the intended outcomes
  • Support the ABMS and its processes
  • Implement and control the Anti-Bribery Management System Processes
  • Monitor, measure, analyze and evaluate the Anti-Bribery Management System Performance
  • Improve the ABMS and its processes
  • Undergo Certification.

How Does ISO 37001: 2016 Anti-Bribery Management System Work?

ISO 37001: 2016 focuses on three key areas in establishing a system for anti-bribery management.

  • Prevention of bribery incidents
  • Detection of bribery incidents
  • Response to bribery incidents

Prevention Controls

The bulk of requirements written into ISO 37001:2016 focus on prevention of bribery, as clearly this is an ideal state for an organization. Specific requirements related to prevention include:

Bribery Risk Assessments – These are supposed to be performed on a “regular” basis and serve as a means to evaluate current and potential bribery risks. Records of these assessments are required.

Anti-Bribery Policy – This is a required statement from the management of the organization, intended to ensure that the organization’s stance on bribery is made clear to the organization and serves to raise awareness of the ABMS program.

The Anti-Bribery Compliance Function – This mandatory party (usually a group of people) is tasked with multiple responsibilities relative to the ABMS. These include the development of the system, ensuring its full development, and ABMS effectiveness reporting. As per the standard, this function has to be staffed with parties that are both empowered and independent.

Employment, Awareness, and Training – One of the more extensive and prescriptive requirements found within ISO 37001. Requirements include screening prior to hiring personnel, whistleblower protections, reviews of performance bonuses/incentives, and compulsory bribery training.

Due Diligence – This requirement is tied directly to the risk assessments. It calls for appropriate investigations to be performed in relation to pending transactions, projects, etc., if a bribery risk is identified.

Controls Associated With “Controlled Organizations” and Business Associates – Requires the flow of ABMS controls to both of these classes of external providers.

Detection Controls

Bribery Risk Assessment and the Anti-Bribery Compliance Function – These are viewed as both a means of prevention and detection.

Raising Concerns – The other primary means of detection written into ISO 37001 revolves around personnel feeling empowered and unafraid to come forward and report actual or perceived incidents of bribery. Controls intended to facilitate this reporting include mandatory anonymity for whistleblowers, confidential treatment of reported incidents, and protections against retaliation for whistleblowers.

Response Controls

Investigating and Dealing with Bribery – A series of requirements pertaining to response protocol. Among other mandates, this section requires full cooperation with those tasked with the investigation of the incident, as well as empowerment of the investigators. The results of the investigation are shared with the anti-bribery compliance function and treated in a confidential manner (except where required by law).

ISO 37001:2016 Key Operational Controls

Employment Procedure

  • Necessitate conduct of due diligence on persons before they are employed or before they are transferred or promoted.
  • Give the organization the right to discipline personnel in case of non-compliance

Financial Controls

  • Checks and Balances, Counter Signatures, Thresholds for approvals.
  • Cash Controls, Restrict cash use. Require receipts from officials.
  • No off-the-book accounts.

Non-Financial Controls

  • Use of contractors that have to undergo strict pre-qualification process
  • Awarding contracts after a fair and transparent competitive bidding process has taken place.

Anti-Bribery Commitment for Business Associates

  • Commitment is made formally with written approval by the head of the organization
  • Zero tolerance of bribery should be part of the commitment.

Raising Concerns or Whistleblowing

  • Provide a range of channels (e.g. hotlines, direct access to higher management)
  • Ensure that those who speak up are not harassed or penalized, but recognized or rewarded for their efforts.
  • Provide the option of reporting anonymously

Anti-Bribery Investigations

  • Independence of investigators is established
  • Manage the security of the investigations and the investigators
  • Use of investigation techniques (e.g. Financial investigations into the lifestyles)

ISO 37001: 2016 Anti-Bribery Management System Audit Process

  • The organization should expect a thorough review of procedures, contracts, terms and conditions, and other related materials.
  • Many employees will be interviewed about their role in the organization to ensure that they’re aware of Anti-Bribery protocols and policies.
  • The auditor will review various resources (online, etc.) to determine if the organization has been involved in an alleged incident of bribery.

Benefits of ISO 37001: 2016 Certification

There are numerous material and intangible benefits to pursuing certification to ISO 37001: 2016. These include:

Detection of Bribery Risks – Implementation of measures to prevent and control bribery risk

  • Overall improvement of risk assessment
  • Recognition – Certification by ISO attests to the adoption of international best practices on Anti-Bribery Management.
  • Compliance with local and international legal requirements and industry standards.

Business Confidence – Implementation of the ISO 37001 Standard engenders cooperation on the basis of trust

  • International partners have increased confidence
  • Auditors and implementers trained on the Standard are more likely than their untrained counterparts to implement and maintain a reliable management system.

Cost Reduction – Implementation of strict financial controls, separation of duties,

  • Independent financial audits, restriction on the use of cash, payment approvals.
  • Transaction Tracking.

Minimization of Conflict of Interest – Communication of consequences for involvement in bribery

  • Organizational effectiveness
  • Improvement in the bottom line
  • Exposure of fraud and due diligence.

Adoption of Anti-Bribery Culture – Awareness and training aspects of the Anti-Bribery Management System promote Anti-Bribery culture

  • Improved Morale
  • General Performance Improvement.

The Standard Benefits an Organization By Providing – Minimum requirements and supporting guidance for implementing or benchmarking an anti-bribery management system.

  • Assurance to management, investors, employees, customers, and other stakeholders that an organization is taking reasonable steps to prevent bribery
  • Evidence in the event of an investigation that an organization has taken reasonable steps to prevent bribery.
  • Providing assurance to outside stakeholders that the organization takes business ethics seriously and works to promote a culture of honesty and trustworthiness.
  • Provides a means to select reliable parties in regions or industries with a reputation (deserved or not) for bribery and corruption.
  • Can lead to overall cost reductions.
  • Prevention of conflict of interest.
  • Can be used as a resource for information in the event of an outside (governmental) investigation of an alleged bribery incident.

Why Choose TUV Austria Bureau of Inspection & Certification For Implementing ISO 37001 Requirements

Some of the leading international accreditation bodies have awarded TUV Austria Bureau of Inspection & Certification with the accreditation to offer certification to a vast range of industry sectors. For certification services, TUV Austria BIC is the preferred brand across multiple industry sectors.

Local regulatory authorities like the Pakistan National Accreditation Council (PNAC) and the Pakistan Engineering Council (PEC) also recognize TUV Austria Bureau of Inspection & Certification as a leading certification and inspection body in Pakistan. TUV Austria BIC has earned global respect for its approach and service quality through its highly trained and experienced consultants. Our professional auditors work with clients to guarantee that the requirements are successfully maintained and continuously improved to be up to customers’ expectations and the law.

In addition to ISO 37001:2016 audits, we also offer a range of complimentary services:


What are the Focus Points to Implement ISO 37001:2016?

  • Anti-Bribery Policies and Procedures
  • Anti-Bribery Risk Assessments
  • Controls to mitigate Bribery Risks
  • Continuous Monitoring and Regular Audits
  • Training and Awareness on Anti-Bribery Policies and Measures

What are the Implementation Phases of ISO 37001: 2016?

  • Initial Visits & Review of the Existing System
  • Gap Analysis & Documentation
  • Training and Support for System Implementation
  • Internal Audit for Verification of Implemented System
  • Certification Audit (Stage 1 & 2)
  • Awarding the ISO 37001 Certificate to the Organization.

Who can Avail ISO 37001 Certification

Organizations of any size can avail ISO 37001:

  • Manufacturing Units
  • Educational Institutes
  • Hospitals
  • Retail Outlets

How Will ISO 37001 benefit an Organization?

It’s a risk management tool and brings assurance to stakeholders that an organization is taking reasonable steps to prevent, detect, and appropriately manage bribery risk.

Does conformity with ISO 37001 guarantee that Bribery will not occur?

No, ISO 37001 cannot provide assurance that bribery will not occur in an organization. It can help the organization to prevent, detect and respond to bribery risk, and strengthen the anti-bribery culture.

Can an organization be certified to ISO 37001?

Yes. ISO 37001 is a requirements standard, making it capable of independent certification.

Would you mind sending an Enquiry so we can assist you in getting certified?
