In the age of transparency, no organization can afford to take the risk of bribery lightly. Investors, business associates, personnel and shareholders all need to be assured that you have made every possible effort to prevent bribery at all levels of the organization. Implementing the new ISO 37001 standard and certification through an independent third party such as DQS enables you to do exactly that – here’s how!
The ISO 37001 standard, published in October 2016, is designed to help an organization implement and maintain a proactive anti-bribery system. The standard, which replaced the British Standard 10500, provides a number of requirements that represent globally recognized good practice for anti-bribery. It deals with bribery by the organization and bribery of the organization.
During the development of the standard, a hotly debated question was whether ISO 37001 should be a certification standard (like, for example, ISO 9001 and ISO 14001) or a guidance standard (like ISO 26000). Due to the demands of the markets, ISO eventually chose to develop ISO 37001 as a certification standard, meaning that independent certification bodies such as DQS can perform certification audits to confirm that organizations meet the requirements of the standard.
What ISO 37001 can do for you
The standard provides minimum requirements and supporting guidance for implementing an anti-bribery management system. Implementing a system in accordance with the standard considerably reduces the risk of malpractice, by installing control points where appropriate. In addition, ISO 37001 not only focuses on preventing bribery, but also on dealing with it effectively if it occurs.
After implementing the requirements of the standard, certification to ISO 37001 provides assurance to management, investors, business associates, personnel, and other stakeholders that your organization has done all that can reasonably be expected to eliminate bribery. In the event of a dispute, certification can be used as evidence of due diligence. As such, the certification helps you meet the needs of your stakeholders and can give you a competitive edge.
Importantly, ISO 37001 is based on the principle of proportionality, which means that the anti-bribery measures must be proportionate to the size of the organization, the location and sectors in which it operates, as well as the scale and complexity of its activities. This makes the standard equally suitable for SMEs, which may not always face the same bribery risks as more complex organizations.
The ISO 37001 standard follows the same structure as ISO 9001, ISO 14001 and ISO 45001 and can easily be integrated into existing management systems.
What ISO 37001 requires you to do
In order to comply with ISO 37001, organizations must implement a number of measures, which can be summarized as follows:
- Define an anti-bribery policy and program for your organization.
- Communicate the policy and program to all stakeholders, ranging from employees to business associates such as suppliers, shareholders, investors, consultants, etc.
- Appoint a compliance manager to supervise the program.
- Provide anti-bribery training to staff.
- Assess bribery risks, including appropriate due diligence.
- Take reasonable and proportionate steps to ensure that controlled organizations and business associates have implemented appropriate anti-bribery controls. This applies, for example, to your supply chain.
- Verify as far as reasonable that staff will comply with the anti-bribery policy.
- Verify that gifts, hospitality, donations and similar benefits comply with the policy.
- Implement appropriate financial, procurement and other commercial controls so as to help prevent the risk of bribery.
- Implement reporting and whistle-blowing procedures.
- Investigate and deal appropriately with any actual or suspected bribery.
The Certification Process: Here’s how it works
The audit can be conducted whenever you feel ready. The duration of the audit depends on the size of the site and the complexity of the processes, but is always at least 1 day. After a successful certification audit, you obtain an ISO 37001 certificate with a validity of three years. You also obtain the right to use the GC-Mark label “Verified Anti-Bribery Management”, which you may use for communication purposes. To maintain certified status, surveillance audits take place at yearly intervals.