In today's global economy, few companies are wholly self-contained. As multinational companies across all industries are becoming increasingly reliant upon third-parties to do business, the risk of corruption by these business partners has become an area of growing concern. Case in point: more than 90% of reported Foreign Corrupt Practices Act of 1977 (FCPA) cases involved third-party intermediaries, according to the EY 12th Global Fraud Survey. These cases illustrate the need for companies to improve compliance efforts and continually manage corruption risks in global supply chains.
For companies concerned about third party risks, among others, a new standard published in October by the International Organisation for Standardisation (ISO) – ISO 37001 Anti-Bribery Management Systems – provides guidance as to the management systems that companies should have in place to prevent, detect and remediate bribery among their own operations and by business partners.
ISO 370001 requires companies to implement a series of measures, among them adopting an anti-bribery policy, requiring senior or "top" management and board-level leadership, and appointing a senior-level person or group to oversee the anti-bribery program. Companies are also required to undertake bribery risk assessments and due diligence on business partners and transactions, provide training, monitor implementation of the program, and take corrective action to work toward continual improvement.
The standard was developed over the course of three years by a group of global experts and stakeholders. Fifty six country delegations and seven liaison organizations were represented at the negotiating table. The goal of ISO 37001 is to establish a detailed, auditable framework for companies (and public entities and non-profit organizations) to utilize in the development of robust anti-corruption compliance programs.
What makes ISO 37001 different? First, the standard contains a level of detail and degree of transparency not covered in existing guidance. Second, it's written in plain business language to make it easier for companies to understand and implement. As noted above, it also represents input and buy-in from a broad range of experts across industries and around the world.
The standard is applicable to organizations of all sizes globally, and was developed to be in line with existing internationally recognized guidance such as the International Chamber of Commerce, the Organization for Economic Cooperation and Development, Transparency International and a number of governments. As a 'management systems' standard, it follows a similar framework as other ISO management systems standards, such as ISO 9001 (quality management) and 27001 (information security) for easier integration into existing business processes by companies who are already using or familiar with these ISO standards.
Similar to other ISO management systems standards, ISO 37001 is a "requirements" standard, and as such, organizations can seek third-party certification on a voluntary basis, through certifying bodies that are accredited to certify conformity specifically to ISO 37001.
Companies may utilize ISO 37001 compliance as a barometer to measure the anti-bribery compliance systems of their business partners as a part of the company's own due diligence efforts prior to engagement. Further, to the extent that a concern arises in an existing third-party relationship, companies may request ISO 37001 certification as a means of corrective action.
Global supply chains are now an accepted part of the business landscape. Many factors determine whether a company will be perceived as an attractive partner, including its reputation for integrity. For many companies, the benefit of adopting a standard such as ISO 37001 lies in its demonstration of conformance to a recognized norm. Organizations that respect and align with an internationally-accepted anti-bribery standard are more likely to attract business partners, investors and consumers.
For more information on ISO 37001, including key considerations for companies, please see the latest eBook by the Center for Responsible Enterprise and Trade (CREATe.org) – Top Ten Takeaways of the New ISO 37001 Anti-Bribery Management Systems Standard. It can be downloaded here.