Anti-Bribery Standard

The International Organization for Standardization has published a new business tool designed to fight bribery. The ISO 37001 standard is the first international anti-bribery management system standard designed to help organizations combat bribery risk in their own operations and throughout their global value chains. It has the potential to reduce corporate risk and costs related to bribery by providing a manageable business framework for preventing, detecting, and addressing bribery.

Bribery is a significant business risk in many countries and sectors. In many cases, it has been tolerated as a “necessary” part of doing business. However, increasing awareness of the damage caused by bribery to countries, organizations, and individuals has resulted in calls for effective action to be taken to prevent bribery.

Many organizations have already invested significant time and resources into developing internal systems and processes for preventing bribery. ISO 37001:2016, Anti-bribery management systems – Requirements with guidance for use, is designed to support and broaden those efforts. It provides transparency and clarity on the measures and controls that organizations should be putting in place and how to implement them most effectively and efficiently.

ISO 37001 will help prevent, detect, and deal with bribery, whether such bribery is by or on behalf of an organization or its employees or business associates. Using a series of related measures and controls, including supporting guidance, the anti-bribery management system specifies requirements for:

  • An anti-bribery policy and procedures
  • Top management leadership, commitment and responsibility
  • Oversight by a compliance manager or function
  • Anti-bribery training
  • Risk assessments and due diligence on projects and business associates
  • Financial, procurement, commercial, and contractual controls
  • Reporting, monitoring, investigation, and review
  • Corrective action and continual improvement

ISO 37001 has been developed to ensure flexible use by organizations of all sizes, wherever they may do business. The bribery risk facing an organization varies according to factors such as the size of the organization, the countries and sectors in which the organization operates, and the nature, scale, and complexity of the organization’s operations. Therefore, ISO 37001 specifies the implementation by the organization of reasonable and proportionate policies, procedures, and controls.

Organizations may choose to be certified to ISO 37001 by accredited third parties to confirm that their anti-bribery management system meets the standard’s criteria. Certification (or compliance) to ISO 37001 cannot provide assurance that no bribery has occurred or will take place in relation to an organization. However, the standard can help establish that the organization has implemented all appropriate measures designed to prevent bribery.

ISO 37001 builds on guidance from various organizations, such as the International Chamber of Commerce, the Organization for Economic Cooperation and Development, Transparency International, and various governments, representing a global consensus on anti-bribery good practices.

ISO 37001 is applicable only to bribery. It sets out requirements and provides guidance for a management system designed to help an organization to prevent, detect and respond to bribery and comply with anti-bribery laws and voluntary commitments applicable to its activities.

ISO 37001 does not specifically address fraud, cartels, and other anti-trust/competition offenses, money-laundering, or other activities related to corrupt practices. However, an organization can choose to extend the scope of the management system to include such activities.

Click on this ISO web page to view a 4-page brochure on the ISO 37001.
Click on this ISO web page to view a 10 slide presentation on ISO 37001.

You can preview the ISO 37001:2016 standard at this ISO web page.
The ISO 37001:2016 standard can be ordered at this ISO web page.