ISO37001 the latest international bribery prevention tool by John Burbidge-King
by Heather Dandridge 05-Jan-2017 at 14:23
New Year – ISO37001 the latest international bribery prevention tool by John Burbidge-King
In October 2016, the International Standards Organisation published ISO37001, the anti-bribery management system. It was developed by more than 37 countries including China, from the EU, UK, USA, Malaysia, Mexico; the OECD and other civil society organisations.
Entities of all sizes, in the private, public and third sectors, will derive benefit from implementing ISO37001. It will substantially improve an organisation’s governance and its sales/supply sides business processes. If certified ISO37001 provides independent evidence to all its stakeholders of a substantive and embedded anti-bribery system. (e.g. it incorporates the key principles of the Ministry of Justice Guidance to the UK Bribery Act 2010.)
Many organisations already have ISO management systems such as on quality, safety, cyber, the environment, and others. ISO37001 fits neatly into these recognised management processes and it can be incorporated into the same Business Management System. Given its far reaching remit, ISO37001 may also catalyse action in other vulnerable areas such as fraud and the UK Modern Slavery Act – especially in supply chains.
Bribery is a significant business and political risk in many countries especially where bribes are embedded in the culture indicated by phrases such as "a necessary part of doing business", or "that's the way we do things in our country". But rising public awareness of the societal, financial and market damage caused by bribery, (accelerated by instant global and social media) has resulted in a wake-up call for effective action to be taken to expose, prosecute and prevent bribery and corruption.
While naively, many organisations ignore bribery risk or wait for the police to knock on their door ("they won't catch us!") the increasing use of Big Data and other crime busting tools to combat serious organised crime are now deployed to bring errant organisations into the cross hairs of the enforcement community. Weight has been added by the recent introduction of new tougher national bribery laws such as in France, Kenya and others. Prosecutions are rising world-wide; especially in the UK, China and the USA - where more than 50% of US enforcement actions are against non-US companies; the fines run into tens of millions and for those individuals convicted, a recovery of the proceeds and a term in gaol awaits them.
Good anti-bribery governance is not just about avoiding prosecution. ISO37001 delivers beneficial changes to organisational attitudes towards governance, the compliance culture and commercial processes. It provides a risk based approach and assessment process for those organisations with an international reach or for UK companies aspiring post BREXIT to sell outside the EU, where they may be venturing into higher risk of corruption markets and sectors.
Flowing down from the leadership team and embraced by management, ISO37001 covers all business functions including commercial, financial and operational. It can be implemented globally bringing consistency in the corporate compliance approach whilst encompassing relevant local legislation. Although standards are neither jurisdiction nor regulation specific, they do require each certified organisation to comply with relevant anti-bribery legislation and other pertinent law or regulation.
Compliance with ISO37001 cannot provide absolute assurance that an isolated bribery incident will not occur. But it will positively change an organisation’s ethics culture and demonstrate to others be they employees, business partners, customers, suppliers, shareholders or law enforcers, that it has implemented reasonable and proportionate measures to prevent bribery wherever it operates in the world. In so doing it will underpin its long-term sustainability, protect its reputation and that of its stakeholders while gaining competitive advantage in tenders where ISO37001 is a mandated requirement.