Proactively managing bribery risk is both critical to business success and a legal necessity. Companies and other organizations face a dynamic, changing legal and operational landscape as more countries adopt and enforce anti-bribery laws. Today, offering, soliciting, or providing a bribe is illegal in virtually every country, whether to a commercial establishment or public official, and whether directly or indirectly through a third party.
As a result, organizations must address compliance within their own operations and among their business partners. With that goal in mind, businesses and other stakeholders from around the globe developed a certifiable anti-bribery management systems standard, ISO 37001:2016. Published by the International Organization for Standardization (ISO) in October of 2016, ISO 37001 is the first global standard on anti-bribery compliance. The standard was drafted to help organizations—public, private, and non-profit—reduce risk and costs related to bribery by providing a business framework for preventing, detecting and addressing bribery.
What Is ISO?
The International Organization for Standardization is a global non-governmental organization that develops and publishes international standards. Since the organization’s founding in 1947, ISO has published more than 22,000 international standards. The organization’s members include national standards bodies from 161 countries.
ISO 37001 follows the format or “high level structure” of other ISO management systems standards, including ISO 9001 (Quality Management), ISO/IEC 27001 (Information Security Management), and ISO 45001 (Occupational Health and Safety). In ISO parlance, a “management system” describes the set of procedures an organization must follow in order to meet its objectives. Following a standard derived from best practices for management systems can have several benefits, including more efficient use of resources, improved risk management, and consistency across an organization.
What Is ISO 37001?
The standard was developed through a multi-stakeholder, consensus-based process. Drafting was carried out over the course of four years by a committee that included 56 country delegations and delegations from seven liaison organizations made up of experts from companies, the legal and audit communities, academia and government. The standard is informed by and builds on existing guidelines in the area of anti-bribery compliance, including, among others, the U.S. Federal Sentencing Guidelines, the U.S. Department of Justice (DOJ) and Securities and Exchange Commission (SEC) Resource Guide to the U.S. Foreign Corrupt Practices Act, the U.K. Ministry of Justice Bribery Act 2010 Guidance, and OECD’s Good Practice Guidance on Internal Controls, Ethics and Compliance.
ISO 37001 was developed as a “requirements standard.” As such, organizations—or part of an organization—can obtain certification from third parties that their anti-bribery management systems conform to the standard’s requirements. Of course, the standard can also be used as guidance—to benchmark, assess and improve an anti-bribery program.