According to Transparency International, 68% of countries worldwide have a serious corruption problem, and not one single country in the world is completely corruption-free. The most commonly reported business ethics issues are bribery, fraud and money laundering. These apply to various business sectors.
Nonetheless, unethical practices harm businesses, as they reduce credibility and profits when professionals misuse their positions for personal gain.
One of the most anticipated standards in recent years was recently launched: ISO 37001, an anti-bribery management system standard that helps companies prevent bribery in their operations and practices, as well as in the activities of business partners.
The Standard defines bribery as “offering, promising, donating, accepting or soliciting an undue advantage of any value (which may be financial or non-financial), directly or indirectly, independent of location(s), in violation of applicable laws, as an incentive or reward to a person who is acting or failing to act in relation to the performance of his obligations”. The Standard makes it clear, however, that this is a generic definition and that the term bribery is defined by the applicable laws of each country.
As quoted in the scope of ISO 37001, the Standard specifies requirements and provides guidelines for the establishment, implementation, maintenance, critical review and improvement of an anti-bribery management system. The Standard addresses the following items:
- bribery in the public, private and non-profit sectors;
- bribery by the organization;
- bribery by the organization’s personnel acting on behalf of the organization or for its benefit;
- bribery by the business partner of the organization acting on behalf of the organization or for its benefit;
- bribery of the organization;
- bribery of the organization’s personnel in relation to the activities of the organization;
- bribing the organization’s business partner in relation to the organization’s activities;
- direct or indirect bribery (for example, a bribe offered or accepted through or by a third party).
ISO 37001 follows Annex SL, the common template for all new versions of ISO standards, so it is easily integrated with other management system standards such as ISO 9001:2015, ISO 14001:2015 and ISO 45001. Let’s go over the Standard’s main points.
Understanding the organization and its context
As with other management standards that share the concept of organizational context, in ISO 37001 the context of the organization with regard to its practices, policies and procedures, and the effect that bribery has on the business, should be taken into consideration and evaluated.
Risk assessment of bribery
The Standard specifies that a bribery risk assessment should be implemented within the management system in order to identify and evaluate such risks and implement controls on them. For example, an organization may have direct interaction with a public agent, which increases risk. This must be evaluated and controlled in the management system.
ISO 37001 specifies that an anti-bribery policy must be established, implemented, maintained and critically reviewed. The main points of the policy are: prohibition of bribery, compliance with applicable legislation, a commitment to encourage the raising of concerns about bribery, among others.
Anti-bribery compliance function
The anti-bribery compliance function should be assigned to ensure the oversight of the management system, the provision of guidelines on bribery issues, and reporting on the performance of anti-bribery processes to top management.
Also applicable is the due diligence tool, which is defined in the Standard as: “process to further assess the nature and extent of bribery risks and to help organizations make decisions regarding transactions, projects, activities, business partners and specific personnel”. According to the definition, this tool is used when more than one risk of bribery is identified in specific processes, such as transactions, projects, relationships with business partners, etc.
Anti-bribery controls should be implemented according to the context of the organization, risk assessment, relationships with business partners, and others. These processes should be implemented to mitigate the risks of bribery in the organization and especially to curb bribery in organizational practices and processes.
The ISO 37001:2017 standard helps build a stronger society by combating corruption. For all entrepreneurs who want to contribute to this challenge but do not know how, the implementation of an anti-bribery system is a first step.
QMS is a Certified Certification Body that audits and certifies organizations in ISO 37001. If you are interested, contact us right away and we will help you with this challenge.