In October 2016, ISO launched ISO 37001, a new standard on Anti-Bribery management system.
ISO is the International Organization for Standardization and has already developed various voluntary international standards focused on sustainability topics, such as ISO 14 001 on Environment Management or ENV 27 001 on Information Security.
What is ISO 37001?
ISO 37001 is a certification standard, meaning that independent certification parties can perform certification. It helps organizations to implement an anti-bribery management system. Anti-bribery is defined by law; therefore, the Standard does not provide an independent definition of bribery but guidance on what is meant by bribery. For example, the UK government defined Bribery with their Bribery Act 2010-[1]. The act states that “Very generally, [Bribery] is defined as giving someone a financial or other advantage to encourage that person to perform their functions or activities improperly or to reward that person for having already done so”
The standard covers bribery of the organization and by the organization.
ISO 37001 specificity is that it is based on the principle of proportionality, which means the measures must be proportionate to the size of the organization, the location and sectors in which it operates, as well as the scale and complexity of its activities.
What are the benefits of such standard?
Globally, this standard shows that there is a global recognition that such topics need to be addressed, as well as a global agreement on how they should be addressed. The implementation of the standard should hopefully lead to less corruption and a fairer world.
Regarding companies, fighting bribery and corruption is important as it will reduce legal risks (like trials and fines) and reputation risks (due to any corruption scandal that can decrease the trust of stakeholders and their satisfaction). On the contrary, it can give assurance to stakeholders that the organization is willing to tackle to such topics, and can be a competitive advantage.
What does the standard require?
A series of measures and controls to help prevent, detect, and address bribery, among them:
- “Assessment of bribery risks, including due diligence.
- Implementation of an anti-bribery policy and program.
- Identification of a compliance function to monitor the program
- Communication of the anti-corruption policy to associated persons (joint venture partners, sub-contractors, suppliers, consultants etc.)
- Training for personnel and associated persons
- Verification that employees comply with the anti-bribery policy.
- Monitoring of benefits given by the organization (gifts, hospitality, donations…) to ensure that they do not have a corrupt purpose.
- Implementation of controls to prevent bribery risk
- Implementation of whistleblowing procedures
- Process to detect bribery and to deal with any actual or alleged bribery.”[2]
If you don’t wish to be certified, you can still implement the actions listed in the standard to address the bribery risks. Indeed, implementing such practices help mitigate risk, provides more information which can be disclosed in sustainability reporting, to address stakeholders’ requests and reinforces the overall CSR program of a company, and. You can read our checklist on how to better structure your CSR program.
If you have any question, you can contact us at or consult additional resources. http://www.iso.org/iso/fr/catalogue_detail?csnumber=65034, http://www.ethic-intelligence.com/blog/11179-iso-37001-will-implications/
[1] http://www.justice.gov.uk/downloads/legislation/bribery-act-2010-quick-start-guide.pdf
[2] http://www.ethic-intelligence.com/blog/11179-iso-37001-will-implications/
