ISO 37001 Certifications
Anti-bribery Management Systems

What is ISO 37001

ISO 37001, published in 2016 as a Type A management system standard (MSS), defines and guides the establishment, implementation, monitoring, maintenance, and continuous development of an ABMS.

An ISO 37001-based ABMS is designed to assist organisations in successfully preventing, detecting, and responding to bribery. The criterion does not apply to other types of corruption, such as fraud. The standard’s requirements are generic and apply to all organizations, regardless of style, size, or industry. (public, private, or not-for-profit). Additionally, ISO 37001 can be used to combat bribery by or on behalf of the company, as well as direct and indirect bribery.

History of ISO 37001

The UK Bribery Act was passed in 2010. It made the failure of an institution to avoid bribery a criminal offence. However, the organisation’s defence was that it had adopted adequate anti-bribery procedures. As a result, efforts to create an anti-bribery standard began. The British Standards Institution (BSI), the UK’s national standards organization, published the BS 10500 Anti-bribery Management System in 2011. It was created for organisations in the public and private sectors that wished to implement adequate anti-bribery procedures. The ISO 19600 Standard for compliance management systems was released in 2014. However, this was not a certifiable requirements standard, but rather guidance to assist a company in implementing a compliance programme.

According to Neill Stansbury, one of the project’s initiators, the only way to achieve an international breakthrough was to have a certifiable international anti-bribery requirements standard.

Work began on developing ISO 37001 as a standard for any sort of entity. This included private businesses and government agencies, as well as non-governmental groups. (NGOs). Parallel to this, a special committee assured coordination with the pre-existing ISO 19600 compliance standard. ISO 37001 replaced the BS 10500 specification in 2016.

The latest version of 37001

ISO 37001 is intended to provide “requirements with guidance for use for a management system designed to assist an organisation in preventing, detecting, and responding to bribery and complying with anti-bribery laws and voluntary commitments applicable to its activities.” (ISO 2016). In other words, it specifies the minimal requirements as well as the associated guidance for implementing or improving an anti-bribery management system. It is a risk control tool for corruption. It enables a company to take reasonable measures to avoid, detect, and control bribery risks.

Use of ISO 37001 can help improve the business environment, good governance, and development issues

ISO 37001 seeks to reduce the risk of bribery throughout the global value chain. The advantages of adopting ABMS in your organisation are as follows :

  • Recognizing and managing the bribery risk, as well as other risks such as image risk
  • Developing minimum standards and supporting guidelines for implementing or measuring the efficacy of an anti-bribery management system
  • Demonstrating to the organisation’s governing body, management, investors, staff, customers, regulators, and other stakeholders that sufficient measures are being taken to avoid, detect, and address bribery
  • Reducing the likelihood of bribery in connection with the organisation’s operations
  • Increasing the organisation’s standing, image, and brand while also promoting its long-term viability
  • Boosting the organisation’s reputation, image, and identity while also promoting its long-term viability

ISO 37001 Structure (ABMS)

Scope

This document specifies requirements and gives advice on how to set up, execute, keep, review, and improve an anti-bribery management system. The system can operate independently or as part of a larger administration system.

In relation to the organisation’s activities, this document discusses the following:

Bribery in the public, private, and non-profit sectors:

⮞ bribery by the organisation
⮞ bribery by the organisation’s personnel acting on the organisation’s behalf or for its benefit
⮞ bribery by the organisation’s business associates acting on the organisation’s behalf or for its benefit
⮞ bribery of the organisation
⮞ bribery of the organisation’s personnel in relation to the organisation’s activities
⮞ (e.g. a bribe offered or accepted through or by a third party).

This paper only applies to bribery. It specifies the requirements and provides advice for a management system intended to assist an organisation in preventing, detecting, and responding to bribery, as well as complying with anti-bribery laws and voluntary commitments relevant to its activities.

This document does not explicitly address fraud, cartels and other anti-trust/competition violations, money-laundering, or other corrupt practices, though an organisation may choose to broaden the scope of the management system to include such activities.

This document’s requirements are generic and meant to apply to all organisations (or sections of organisations), regardless of type, size, or nature of activity, and whether in the public, private, or not-for-profit sectors.

Terms And Definitions

Context Of The Organisation : Consider the combination of internal and external events and conditions that are relevant to the organization’s ABMS objectives.

Bribery : Offering, giving, accepting, or soliciting an undue benefit of any value as an inducement or reward for a person acting or refraining from acting in regard to the performance of that person’s duties, in violation of applicable law.

Governing Body : The group or entity that has ultimate responsibility and authority for an organization’s actions, governance, and policy, and to which top management reports and is held accountable.

Business Associate : An outside party with whom the organisation has or seeks to build a business relationship.

Public Official : Not all instances will exist in all jurisdictions, although they may include members of legislative bodies, executive officers, and the judiciary at the national, state/provincial, or municipal levels.

Documented Information : Information that an organisation must control and preserve, as well as the media on which it is stored. It can take any form.

Non Conformity And Corrective Action : Noncompliance with a requirement and the action taken to eradicate the source of the nonconformity.

Context Of The Organisation

To determine the goals and parameters of its anti-bribery management system, a company must first examine its internal and external context. (ABMS). This encompasses the organisation’s size and structure, its partners, its legal environment, and so on. The design of the ABMS, as well as its scope and limits, should be in line with the requirements and expectations of stakeholders.

Once the design of the ABMS has been determined, the company should conduct a risk analysis to find and assess existing risks to the organisation. Based on the organisation’s context and risk analysis, the organisation can create a’reasonable’ and ‘proportionate’ (ISO 2016) ABMS.

Bribery risk assessments should be conducted on a regular basis in order to discover, analyze, assess, and prioritise those risks. This will also guarantee that the organisation is capable of mitigating identified bribery risks.

The criteria for assessing risk levels should take into account the organisation’s policies and goals.

All procedures involved in the design, implementation, and operation of the ABMS should be documented by the organisation.

Leadership

The standard distinguishes explicitly between roles within the organisation. The governing committee is in charge of overseeing the ABMS by approving the ABMS and the anti-bribery policy; ensuring that adequate resources are allocated to the ABMS; and reviewing operational information. Top management ensures that the ABMS is properly developed and implemented. It should take steps to improve the system’s efficacy, not only financially, but also by fostering a ‘appropriate anti-bribery culture within the company.’ (ISO 2016: 8).

Top management should “demonstrate its leadership in preventing and detecting bribery” (ISO 2016: 8) by promoting reporting measures and providing safeguards for employees who report violations.

Planning

The context of the organization, the needs and expectations of stakeholders, the requirements for bribery risk assessment, and opportunities for growth all influence planning.

Good planning takes into account goals, actions and resources required, various levels of responsibility, results reporting and evaluation, and a strategy for sanctions and penalties.

The company should also plan actions to handle bribery risks and assess their effectiveness.

Support

The company should appoint enough competent individuals to guarantee the ABMS’s performance. Employees throughout the company should be aware of anti-corruption policies and adhere to the ABMS. To guarantee compliance, the organisation should implement a disciplinary system.

The company should review incentivising elements to prevent bribery risks and perform due diligence on new employees for all positions exposed to more than a low bribery risk. Any individual at risk, including top management and the governing body, must sign an anti-bribery compliance declaration.

The company should put in place an anti-bribery awareness and training programme for all employees. This will be updated on a regular basis, giving information on the ABMS, bribery and bribery risks, prevention, and so on. Training will be made available to partners and parties as needed.

Internal and external communications must be pertinent to the anti-bribery management system, taking into account who, how, when, and what is communicated. Furthermore, the anti-bribery policy should be well communicated, both internally and externally, to partners who face a minimal bribery risk.

To ensure the ABMS’s effectiveness, documented information is needed. This material should be controlled by the organisation to guarantee its suitability, availability, and adequate security. (to ensure confidentiality, integrity, and proper use). Distribution, access, storing and preservation, and change control are all factors to consider.

Operations

The organisation should implement procedures to satisfy ABMS requirements, including specific criteria and control mechanisms. It should plan any required changes and assess their implications. (with mitigation actions in case of adverse effects).

Due diligence should be performed for related categories of transactions, projects, or activities, as well as relationships with partners and personnel involved, where a bribery risk assessment has revealed more than a minimal bribery risk. This due diligence is a method of collecting data on particular bribery risks; it should be updated on a regular basis.

To manage bribery risks, the company should adopt both financial and non-financial controls. This could be in procurement, human resources, legal and regulatory operations, and so on. All entities under the organisation’s authority (such as subsidiaries, branches, and divisions) should adopt ABMS-related processes. This should be in addition to their existing anti-bribery measures. (so long as these are reasonable and proportionate to the bribery risks the controlled entity faces).

The company should review the adequacy of their anti-bribery controls for partners and entities not controlled by the organisation that face more than a minimal bribery risk. If their controls are inadequate, the organisation should compel its partners to implement anti-bribery controls for organisation-related activities. If this is not feasible, the organisation should include this in its bribery risk assessment. It should also specify how such dangers will be dealt with.

The company should have procedures in place for partners who pose a higher bribery risk than a low bribery risk. A promise by that partner to prevent bribery or the termination of the relationship in the event of bribery are two examples. Furthermore, if current anti-bribery controls cannot manage bribery risks linked to partners and it is not possible to upgrade the controls or otherwise reduce the risks, the organisation should terminate or suspend the project or relationship as soon as possible. If a new plan emerges that cannot be adequately controlled for bribery, it should be declined or postponed.

In the case of gifts, hospitality, donations, and other similar benefits, the company should put in place procedures to prevent the offering, provision, or acceptance of those benefits when they “could reasonably be perceived as bribery.” (ISO 2016: 39).

The organisation should put in place specific procedures for raising concerns, including the ability to report issues anonymously. It should also ensure confidentiality, protect whistleblowers, promote honest reporting, and allow personnel to seek assistance if they are engaged in a bribery situation. All employees should be aware of the reporting processes and how to use them, as well as their rights and protections.

When bribery or a violation of the ABMS and/or the anti-bribery policy is reasonably suspected, reported, or detected, procedures for assessing and taking suitable action should be in place. Procedures should ensure that investigators work effectively and that pertinent personnel cooperate with investigations. The organisation should guarantee that investigations and their results are kept private. The status and findings of investigations should be reported to the anti-bribery compliance function and related functions through processes.

Performance Evaluation

The company should decide who is in charge of monitoring, what needs to be monitored, how to monitor it (methods, measurement, analysis, evaluation), when to monitor, when to analyse the results, and ‘to whom and how such information shall be reported.’ (ISO 2016: 19). Appropriate documentation should be accessible to assess the ABMS’s effectiveness and efficiency. (and its monitoring and evaluation process).

Regular audits should be performed to ensure that the ABMS is being implemented effectively and that the company is in compliance with the ABMS requirements. These audits should be carried out by knowledgeable and unbiased auditors. Top management, the governing authority, and the ABMS functions should be informed of audit findings. Audits should be scheduled, with criteria and scope defined for each one. Audits should be proportionate, sensible, and risk-based. They should be used to evaluate processes, controls, and systems related to bribery risks, ABMS or anti-corruption policy violations, and ABMS weaknesses.

An independent person or a third party should be established or appointed for this procedure to guarantee objectivity and impartiality of audits.

The anti-bribery compliance function should evaluate whether the ABMS is well implemented and sufficient for managing bribery risks on a regular basis. On a regular basis, audit and investigation reports should be made accessible to the governing body and top management. (at least once a year). Top management should also review ABMS performance on a regular basis, taking into account non-conformities and corrective actions, audit results, the monitoring and evaluation process, bribery reports, investigations, the nature of bribery risks and actions to address them, and opportunities for improvement. The results of these reviews should be communicated to the governing authority, which should conduct its own periodic assessment of the ABMS.

Improvement

When a non-conformity (a violation of the ABMS) happens, the organisation should move quickly to control and correct the non-conformity, as well as deal with the consequences. Corrective measures should be proportionate to the degree of nonconformity.

Based on the documentation, a review of the efficacy of any corrective action will be required. Procedures should be in place to ensure that the organisation examines the case, determines the causes of nonconformity, and determines whether similar cases may occur in the future. Where required, changes to the ABMS should be made.The ABMS’s suitability, adequacy, and efficacy should be continuously improved.

Quality/Principles of ISO 37001

In 2016, the International Standards Organization (ISO) released the first global anti-bribery management system (ABMS) standard, ISO 37001, as the global standard anti-bribery plan. It contains effective elements for combating bribery and corruption, with the following essential components:

● Risk assessment for bribery and misconduct
● Board and management duties for leadership
● Human resource components include the selection and training of employees who have been exposed to bribery and corruption
● Organizational and individual anti-corruption due diligence
● Anti-bribery and corruption policies; gifts and hospitality
● Donations and supportControls, both financial and non-financial, for the discovery and prevention of corrupt practises
● Supply network reliability
● Whistle-blowing
● Monitoring, reviewing, and enforcing

This ISO standard demonstrates to clients, investors, and business partners that your organisation has implemented the programs, systems, and controls that strengthen your business defences and fortify the integrity of your business operations against unmitigated losses resulting from corruption or corporate liabilities.

This certification is typically the final stage in your integrity-building efforts. Don’t worry, we’ll walk you through the review and implementation steps to acquire your ISO 37001 certification.

Know all about ISO 37001

Terms Associated With ISO 37001

  • Bribery : In violation of applicable law, offering, promising, giving, accepting, or soliciting an undue advantage of any value (which could be financial or non-financial), directly or indirectly, and regardless of location(s), as an inducement or reward for a person acting or refraining from acting in relation to the performance (3.16) of that person’s duties.
  • Organisation : A person or collection of people with their own functions, responsibilities, authorities, and relationships to accomplish their goals

    The term “organization” encompasses, but is not limited to, a sole trader, a business, a corporation, a firm, an enterprise, an authority, a partnership, a charity, or an institution, or any portion or combination of these entities, whether incorporated or not, public or private.

  • Interested Party : (Preferred Term)
    Person or organisation that can affect, is affected by, or perceives itself to be affected by a decision or action
  • Stakeholder : (Admitted Term)
    A stakeholder can be internal or external to the organisation
  • Requirement

    Need that is stated and Obligatory

    The fundamental definition of “requirement” in ISO management system standards is “stated, generally implied, or obligatory need or expectation.” In the framework of anti-bribery management, “generally implied requirements” are inapplicable.

    “Generally implied” indicates that the need or expectation under consideration is implied by tradition or common practise for the organisation and interested parties.

    A specified requirement is one that is mentioned, such as in documentation.

  • Management System
    A collection of interconnected or interacting elements within an organisation that establishes policies, objectives, and procedures for achieving those objectives

    ● A management system can handle a single or multiple disciplines.
    ● The management system components include the structure of the company, roles and responsibilities, planning, and operation.
    ● A management system’s scope can include the entire organization, specific and identified functions of the organization, specific and identified sections of the organization, or one or more functions across a collection of organisations.

  • Top Management
    A person or group of persons in charge of directing and controlling an organisation at the highest level (3.2)

    Note 1: Within the company, top management has the authority to delegate authority and provide resources.

    Note 2 on the entry: If the management system’s scope (3.5) only encompasses a portion of an organization, top management refers to those who direct and control that portion of the organisation.

    Note 3 on the entry : Organizations can be organised based on the legal framework under which they must function, as well as their size, industry, and so on. Some organisations have a governing body (3.7) as well as top management, whereas others do not have duties divided into multiple bodies. When applying the requirements in Clause 5, these differences, both in terms of organisation and duties, can be taken into account.

  • Governing Body :

    Group or body with ultimate duty and power over an organisation’s (3.2) activities, governance, and policies, to which top management (3.6) reports and is held accountable

    Note 1: Not all organizations, especially tiny ones, will have a governing body separate from top management. (see 3.6, Note 3 to entry).

    Note 2: on the entry: A governing group may consist of, but is not limited to, a board of directors, board committees, a supervisory board, trustees, or overseers.

  • Anti-Bribery Compliance Function :

    Person(s) in charge of and authorised to operate the anti-bribery management system

  • Effectiveness

    The degree to which planned activities and results are realised

  • Policy

    Intentions and direction of an organization (3.2), as formally expressed by its top management (3.6) or its governing body (3.7)

  • Objective

    To be accomplished

    Note 1: An goal can be strategic, tactical, or operational in nature.

    Note 2: Objectives can be related to various disciplines (such as financial, sales and marketing, procurement, health and safety, and environmental objectives) and applied at different levels (such as strategic, organizational wide, project, product, and process (3.15)).

    Note 3 on the entry: An objective can also be stated in other ways, such as as an intended result, a purpose, an operational criterion, an anti-bribery objective, or by using similar terms (e.g. aim, goal, or target).

    Note 4 on the entry: Anti-bribery objectives are set by the organisation (3.2), in accordance with the anti-bribery policy (3.10), to accomplish specific results in the context of anti-bribery management systems (3.5).

  • Principles Of ISO 37001

    In 2016, the International Standards Organization (ISO) released the first global anti-bribery management system (ABMS) standard, ISO 37001, as the global standard anti-bribery plan. It contains effective elements for combating bribery and corruption, with the following essential components:

    ● Risk assessment for bribery and misconduct
    ● Board and management duties for leadership
    ● Human resource components include the selection and training of employees who have been exposed to bribery and corruption
    ● Organizational and individual anti-corruption due diligence
    ● Anti-bribery and corruption policies; gifts and hospitality;
    ● Donations and supportControls, both financial and non-financial, for the discovery and prevention of corrupt practises
    ● Supply network reliability
    ● Whistle-blowing
    ● Monitoring, reviewing, and enforcing

    This ISO standard demonstrates to clients, investors, and business partners that your organisation has implemented the programs, systems, and controls that strengthen your business defences and fortify the integrity of your business operations against unmitigated losses resulting from corruption or corporate liabilities.

    This certification is typically the final stage in your integrity-building efforts. Don’t worry, we’ll walk you through the review and implementation steps to acquire your ISO 37001 certification.

Documentation for ISO 37001 (ABMS)

Download PDF For Complete Documentation

The organisation must continuously improve its anti-bribery management system by maintaining, establishing, implementing, and giving documented information.

The Documents required to obtain ISO 37001

Process Of Obtaining ISO 37001

ISO 37001 is a certification standard that specifies the standards for establishing, implementing, maintaining, reviewing, and upgrading an anti-bribery management system (ABMS). Obtaining ISO 37001 certification entails multiple steps, which are listed below:

Determine your organization's ISO 37001 readiness:

Before beginning the certification process, you should analyse your organization’s readiness to implement an ABMS. Conduct a gap analysis to establish the current condition of your organization’s anti-bribery practises and to find opportunities for improvement.

Create an anti-bribery management system (ABMS) based on the gap analysis findings:

Create an ABMS that meets the ISO 37001 criteria. Creating policies, processes, and controls to prevent, detect, and respond to bribery is part of this process.

Implement the ABMS:

Once designed, the ABMS should be implemented throughout the organisation. Employees must be trained, policies and procedures must be communicated, and monitoring and reporting methods must be established.

Conduct an internal audit:

Before applying for certification, conduct an internal audit to check that the ABMS is operating successfully and satisfying the ISO 37001 standards.

Seek certification from an accredited certification body:

Once you are certain that your ABMS satisfies the ISO 37001 standards, seek certification from an accredited certification organisation. The certification organisation will conduct an external audit to ensure that your ABMS meets the requirements of the standard.

Maintain and continuously enhance the ABMS:

Once certified, maintain and consistently develop the ABMS to ensure that it stays effective and relevant to your organization’s needs.

It should be noted that the procedure of gaining ISO 37001 certification may differ based on the size, complexity, and nature of your organization’s operations. To guarantee a smooth and successful certification procedure, it is recommended that you seek the advice of an expert consultant.

Benefits of ISO 37001

You may be wondering why you need to become ISO 37001 approved for anti-bribery. There are numerous advantages, but we will only cover the most important ones. There are numerous reasons why your organisation or company should develop, implement, review, maintain, and constantly enhance an effective Anti-Bribery Management System. You will experience the following advantages with such an efficient system:

  • Building Trust And Confidence

    Companies that have implemented ABMS and acquired ISO 37001 certification find it much simpler to collaborate and even win more clients and business partners. People are more likely to trust businesses that have anti-bribery policies in place or a proven Anti-Bribery Management System. But how else can you demonstrate that you have a successful ABMS in place that your partners and clients can rely on?

    The ISO 37001 certification will provide you and your business partners with faith and confidence. The sooner you get it, the better, because the habit is irritating more and more people. Don’t let this vice ruin your business because getting certified doesn’t take a lot of money.

  • Resolving Bribery Related Issues And Timely Detection

    Bribery, if allowed to flourish, can bring your business or organisation to its knees. If you do not address bribery-related problems, the anti-bribery laws will undoubtedly catch up with you. Don’t put off paying the hefty penalties that your government will impose for noncompliance with anti-bribery laws.

    Early detection of bribery will assist you in taking timely actions, saving you from many other issues that may arise as a result of it. Bribery is nearly impossible to perpetrate and get away with when ABMS is on the lookout. You can depend on Anti-Bribery ISO 37001 to create and maintain an effective ABMS that will assist you in combating bribery in your organisation.

  • Maintains Integrity of The Organization

    Bribery is, without a doubt, the worst crime that can be reported from your organisation. Will you wait until your reputation is ruined before pursuing ISO 37001 certification, or will you act immediately to add value to your already excellent reputation? Remember that once you’ve ruined your image, you may never regain it, or it will take years to regain the trust and confidence of clients and other investors.

    Nothing is more essential to you or your company than a good reputation. Having an ISO certification is one of the best ways to maintain and improve your image because it allows you to avoid or limit vices like bribery.

  • Managing Funds Smartly

    Paying bribery is an expensive and wasteful practise. Can you imagine paying bribes to obtain a tender or a contract that you are qualified for? Isn’t it excruciating? The same is true for losing a tender that was granted to someone else simply because they have something to press in the tendering committee’s hands.

    Bribery can also cause problems with the authority in charge of enforcing anti-bribery legislation. If you are caught in the act, you will be fined or have your licence revoked depending on where you reside. All of this is avoided by adopting, reviewing, maintaining, and constantly improving ABMS.

Relevant Industries For ISO 37001

ISO 37001 may be adopted by any entity, large or small, in the public, private, or nonprofit sectors, and in any country. It is a flexible tool that can be tailored to the size, nature, and bribery risk of the organisation. Examples of organisations that can benefit from an ABMS system include:

Manufacturers
Distributors
Schools
Law firms
Financial institutions
Foundations
Public hospitals
Local governments

Future of ISO 37001

ISO 37001 is a standard that outlines and guides the implementation of an anti-bribery management system. The standard was first published in 2016, and it has subsequently garnered significant acceptance in organisations worldwide. ISO 37001 has a bright future, and various developments are likely to influence its evolution:

Adoption is increasing:

As the risks and consequences of bribery become increasingly evident, more organisations are expected to adopt ISO 37001. The standard establishes a thorough framework for bribery risk management and can assist organisations in demonstrating their commitment to ethical business practises.

Continued development:

Because ISO 37001 is a relatively new standard, there will almost certainly be more development as organisations acquire more experience applying it. This could include the creation of new best practises or extra information on specific anti-bribery management challenges.

Greater integration:

As organizations embrace more management system standards, there will be more integration between ISO 37001 and other standards such as ISO 9001 (quality management) or ISO 14001 (environmental management). This could assist organizations in improving the efficiency and alignment of their management systems.

Third-party certification:

As organizations attempt to demonstrate compliance with anti-bribery laws and regulations, third-party certification to ISO 37001 is anticipated to become increasingly relevant. This could result in more stringent certification systems and increased standardization of the certification process.

Overall, the future of ISO 37001 appears bright, with rising adoption, ongoing development, better interaction with other management system standards, and the growing importance of third-party certification.

Joining Over SIS Certifications Best ISO Certification Agency

  “We do not sell, We certify.”