Topics Covered: Compliance & Ethics

Compliance & Ethics

TOPICS COVERED // Corruption & Strategy

ISO 37001 is being developed as a require-

ments standard. As such, companies
will be able to obtain certification from
accredited third parties that their anti-
bribery management systems meet the
standards criteria. As happened with the
ISO 9001 Quality management systems
standard, many businesses will likely
place a high value on ISO 37001 certifica-
tion, and may look for their value chain
participants to do the same.

The standard builds on guidance from

various organizations, such as the Inter-
national Chamber of Commerce, the Or-
ganization for Economic Cooperation and
Development, Transparency Internation-
al and various governments representing
a global consensus on anti-bribery lead-
ing practices. It is intended to apply to
organizations of all sizes, wherever they
may do business.

Significantly, ISO 37001 is written in plain

English, not legalese, largely by business
people for use by business people. With
its operational emphasis and risk-based
approach, it fills an existing void by speci-
fying a series of required anti-bribery
measures and controlsreasonable and
proportionate to the organization and its
risksand also provides practical guid-
ance on how to design and implement the
system. Notably, it contains a level of de-
tail not covered in existing guidance.

What it is not
A preview of ISO 37001 - Anti-Bribery It is important to understand that ISO
Management Systems 37001 is not an anti-bribery silver bullet
or panacea. Adherence to ISO 37001 will
not be a bar to liability, but it can provide
Written by Leslie A. Benton and Worth D. MacMurray some evidence that an organization has
taken reasonable steps to prevent wrong-
doing, and may be taken into consideration
by prosecutors should a bribery-related
A noteworthy new business tool designed to fight event occur. Enforcement authorities reg-
ularly emphasize the importance of hav-
bribery is nearing completion: the ISO 37001 - Anti- ing an effective anti-bribery program. Sev-
eral countries have recently passed laws
bribery management systems standard. Designed by requiring or incentivizing organizations
to adopt effective anti-bribery compliance
businesses and other stakeholders from around the programs as well.

globe, this standard, when it is formally adopted by Similarly, certification under ISO 37001
is not a guarantee that bribery has never
the International Organization for Standardization occurred or will never occur. Humans
are creative and even the strongest stan-
(ISO), has the potential to reduce corporate risk and dards can be circumvented at times, or
gamed. But where competent, credible
costs related to bribery by providing a manageable independent third parties review a com-
panys design and implementation of its
business framework for preventing, detecting and ISO 37001-based anti-corruption man-
agement system, the chances of bribery
addressing bribery. should be reduced. A subcommittee of


Compliance & Ethics

Among the new and positive aspects of 37001 it embraces the standards operational
emphasis and a commitment to ethical
are its business-oriented management systems practices.

approach, its transparency and its non- The standard has wide application and
applies to public entities and non-profits
legalistic language. as well, as they face many of the same
bribery risks as do businesses.

Draft ISO 37001s path forward

Experts from companies, governments

and non-governmental organizations,
drawn from 34 participating countries,
18 observer countries and seven liaison
organizations, comprise the committee
the ISO 37001 committee is developing de- costs and making it easier for others drafting the standard. Publication of the
tailed auditor competence requirements also applying ISO 37001 to participate standard is expected in September 2016.
applicable to those conducting the certi- in that value chain. At the early stages,
fication activity. standard adoption by a company can In conclusion
also be a marketing differentiator,
In addition, the standard should not be with certification demonstrating that Many companies have already invested
viewed as the same old, same old, nor as a the entity has gone the extra mile to significant time and resources into devel-
mere repetition of what exists elsewhere. affirmatively address anti-bribery risk. oping internal systems and processes for
Among the new and positive aspects of preventing bribery. The new ISO standard
37001 are its business-oriented manage- Cost avoidance and risk reduction: is designed to support and broaden those
ment systems approach, its transparency When a company has an enhanced efforts, while providing transparency and
and its non-legalistic language. ability to prevent and detect bribery, clarity on the measures and controls that
there is less risk that inappropriate companies should be putting in place and
Business advantages behavior will occur, and an increased how to implement them most effectively
likelihood that if it takes place, it will and efficiently.
Business people are naturally more com- be identified and managed at earlier
fortable with business terms like rev- stages than would otherwise be the ISO 37001 has the potential to be a powerful
enue, costs and financial statement im- case. In addition to the potential new tool for all organizations to combat
pact than they are with the arguably less benefits related to revenue and bribery risk in their own operations and
precise legal references to matters related profit, noted above, there are direct throughout their global value chains. To
to anti-bribery such as regulatory pri- and indirect cost benefits. Directly, learn more, we encourage you to read
orities, legal grey areas or potential suc- corporate funds and other assets about the standard on the ISO website:
cessor liability. This is one of ISO 37001s are less likely to be applied to illegal
great benefits: It provides companies with bribery-related purposes. Indirectly,
a framework that is in the context of key with less risk of governmental htm?csnumber=65034.
business driversrevenue growth, cost re- investigations related to bribery
duction and corporate responsibility. allegations, expensive outside
service providers (e.g., lawyers,
Revenue growth and cost savings: forensic accountants and e-discovery
Larger companies, for their own anti- specialists) may not be needed to
bribery risk management reasons, help determine what went wrong
are increasingly placing anti-bribery and negotiate a resolution. And Author Biographies
management obligations on their identification and mitigation of issues
value chain participants. These at the early stages is typically less Leslie A. Benton is the Vice President of
obligations, which are costly to both complex, time-consuming and costly Advocacy and Stakeholder Engagement
the large organization and the value than time-pressured and cost-is-no- of the Center for Responsible Enterprise
chain partner, take a variety of forms obstacle late-stage responses. And Trade (, a non-
(e.g., certifications, verification audits, governmental organization dedicated to
independent agent due diligence and/ Corporate social responsibility: helping companies prevent corruption
or the wholesale adoption of the In addition to reducing risk and and protect intellectual property. Ms.
requesting companys anti-corruption potential liability, anti-bribery Benton previously led the anti-corruption
policy) and their scope often makes programs are an integral component and compliance communications practice
it difficult for other companies, of a companys commitment to good at Levick Strategic Communications and
particularly small and medium- corporate citizenship or corporate was the Senior Policy Director for the US
sized businesses, to accept them and social responsibility (CSR). In chapter of Transparency International.
therefore be eligible to be a todays global economy, companies
business partner. are accountable to a wide range of Worth D. MacMurray is the Senior Vice
stakeholders. Calls for increased President - General Counsel & Chief
Because draft ISO 37001 is a business- disclosure of both financial and Compliance Officer of GAN Integrity
oriented management system, it has non-financial information, pressure Inc. in McLean, Virginia. Previously, he
the potential to be viewed and used as from investor communities, increased consulted on anti-corruption and cyber-
an anti-bribery common language. customer scrutiny and the desire to governance matters at PwC and served
Companies can then use the standard to create sustainable business models as general counsel and chief compliance
engage business partners or to simplify are all driving the CSR movement. By officer of several technology sector public
or enhance their existing individual aligning with ISO 37001, a company companies.
requirements, thus reducing their can demonstrate to stakeholders that


