ISO 37001 – A new anti-bribery benchmark for business and prosecutors
In October 2016, the International Standards Organisation (“ISO”) published a new standard for anti-bribery management systems (ISO.org).
ISO 37001 is designed to help organisations “establish, implement, maintain and improve” their anti-bribery compliance programs. The adoption of a global standard, not specific to any industry and with input from multiple countries, reflects a growing trend towards international cooperation in the investigation and enforcement of breaches of anti-bribery legislation and the growing harmonization of regulatory standards in this area.
ISO 37001 follows the general stance taken by the authorities in the US and UK that a “one size fits all” approach is not effective. Instead it advocates a risk-based approach, allowing for anti-bribery procedures to be tailored to the specific risks that an organization faces. It is designed to be widely applicable, targeting organizations in both the public and private sectors, and both large companies and SMEs.
All organisations should already have in place some form of anti-bribery protocol. Management buy-in and commitment is crucial. For those who have yet to take this step this new standard provides a good guideline for a robust internal system. It will also be useful for those organizations looking to upgrade and fine-tune their procedures by providing those responsible for compliance with a tool to verify that their compliance procedures are in line with global best practice. Many enforcement authorities will look more leniently upon an organization that can demonstrate that they have an adequate anti-bribery program in place that is being implemented properly. Such procedures are crucial if an organization is looking to defend a prosecution under section 7 of the UK Bribery Act for failure to prevent bribery. An ISO-certified program could assist in proving that its procedures were adequate and adhered to.
A further benefit brought by the introduction of a global standard is that it will assist companies in assessing the compliance programs of their suppliers, agents and other third parties, complementing (rather than replacing) other forms of due diligence. It may also provide staff on the ground with an additional weapon to resist the payment or acceptance of bribes, by pointing to their organization’s certified status.
It remains to be seen whether the standard will gain widespread adoption but, with the trend towards more stringent enforcement of anti-bribery legislation, we anticipate that the business community will welcome an objective standard by which to judge their, and their business partners’, compliance programs. There is also likely to be a cascade effect, with public-sector organizations being the first to adopt, which in turn will prompt companies in the private sector to adopt the standard so that they can win public-sector business.
ISO 37001 is indicative of the global trend towards a consistent global approach to anti-corruption, raising standards to that of those countries that have the most strict anti-corruption legislation. We will be keeping an eye on developments in this area and will publish a further update once the adoption and implications of the standard become clearer. In the meantime, ISO37001 provides a timely reminder for all organizations to reconsider whether their anti-bribery protocols and procedures still meet the needs of their business: it need not be a time-consuming or expensive process and it is crucial to ensure that the necessary policies and procedures are in place before an organization comes under the spotlight of an investigation. Ince & Co has broad experience in advising clients operating in diverse sectors, and of various sizes, in adopting appropriate anti-corruption policies and procedures.