An estimated US$1 trillion is paid in bribes each year. Now an international standard — ISO 37001 — has been created so organizations can implement an effective anti-bribery management system.
Through institutional change and the promotion of an ethical business culture, organizations can play a significant role in the global fight against bribery.
Recognizing this, the Swiss-based International Organization for Standardization (ISO) has developed a new standard specifying a series of measures that firms should implement in order to prevent, detect and address bribery.
ISO 37001 is designed to instil an anti-bribery culture within an organization and ensure the presence of appropriate controls, which in turn should increase the chance of detecting bribery and reduce its incidence in the first place.
The benchmark is applicable to all types of organizations globally, regardless of type, size or ownership.
A company will be ISO 37001 accredited if their internal management system for detecting and eliminating bribery and corruption passes an external audit.
Steve McDonald, Head of Market Development for Risk, Americas, said: “It is not yet clear whether companies will adopt the standard to mitigate their own risk, or specifically work with suppliers who have adopted the standard as a means to reduce risk in their supply chains.
“Ideally, strategic risk assessment should happen before any suppliers are even considered, in order to ascertain where the higher risk levels are. The standard will certainly help with this.”
Implementing the standard offers several potential benefits.
First, it helps businesses to detect and address bribery risks before they negatively impact the organization, by equipping them with the tools necessary to make informed decisions about third parties.
Importantly, the standard could also deliver a competitive advantage, since it sends a clear message to investors, stakeholders and partners that the company will not tolerate bribery and corruption within its supply chain. Stakeholders are therefore assured of regulatory compliance.
Furthermore, the standard has the potential to boost operational efficiency and demonstrate a company’s commitment to good corporate citizenship.
Steps to implementation
The key steps to implementing the ISO 37001 standard are summarized as follows:
Companies can work with trusted partners to navigate the process of implementing ISO 37001.
Third Party Risk solutions can help by:
- Maintaining internal controls and policies
Our solution tracks employee disclosures regarding gifts, donations, and conflicts of interest, while also monitoring personal trading, including pre and post-trade workflow to identify suspicious behavior.
- Rolling out anti-bribery training courses
We offer a library of interactive courses and micro-learnings designed to meet compliance training needs, plus a full range of customization options to manage training programs with audit-ready reporting to demonstrate compliance.
- Carrying out initial bribery risk assessments against third parties
World-Check risk intelligence can be integrated into new or existing questionnaire on-boarding platforms and risk analytics. We also provide a country-focused risk index that ranks more than 240 countries around the world according to their risk level to identify situations where enhanced due diligence on third parties could be appropriate.
- Understanding a third party and its associates
Companies can conduct initial due diligence by screening third parties against World-Check, a database of three million profiles related to corruption, exploitation, sanctions, watch lists, fraud, organized crimes and personally exposed persons (PEPs).
- Conducting due diligence
We offer in-depth due diligence reports on individuals, entities, and their ultimate beneficial owners. Our analysts are trained in proven due diligence techniques to gather hard-to-reach information from open sources, subscription-based services, and public records and documents.
- Ongoing monitoring
Our Screening Resolution Service provides outsourced screening, remediation and ongoing monitoring in the form of a managed service for clients’ third party risk assessments and onboarding.
A waiting game
The question remains whether or not the industry will adopt ISO 37001.
McDonald concludes: “An important point to remember is that this is a standard and therefore adherence offers no 100% guarantee against bribery and corruption.
“The industry is divided and whether or not everyone accepts ISO 37001 as useful remains to be seen.
“What it does provide is evidence that an organization has taken reasonable steps to prevent these sorts of risks from entering their business, and this will be taken into consideration in the event of an investigation relating to bribery.”