ANTI-BRIBERY MANAGEMENT SYSTEM
What you need to know about the ISO 37001 standard
What is DIN ISO 37001?
The DIN ISO 37001:2016 standard on anti-bribery management systems is an international standard for management systems to help organizations tackle corruption. It was developed between 2013 and 2016 and published in October 2016. The ISO standard defines requirements and provides guidance on setting up, implementing, maintaining, reviewing and improving an anti-corruption management system.
It incorporates existing and well-established anti-bribery principles, such as the guidance on the UK Bribery Act, in order to publicize these principles internationally and make them accessible. Since it is applicable to all countries and all industries, ISO 37001 promotes a standardized understanding of anti-bribery management systems (ABMS) in organizations of different types. It sets out generally applicable standards for the development, implementation, operation and improvement of ABMS.
ISO 37001 details a number of specific measures and checks which organizations are urged to implement to prevent corruption or at least identify it promptly.
Who produced the ISO standard?
Development of the ISO anti-bribery management standard was initiated by the British Standards Institute (BSI). At the end of 2012 the International Organization for Standardization (ISO) decided to pursue this initiative itself. Since the majority of ISO members were in favour of developing a new standard of this sort, project committee ISO/PC 278 was set up to take the matter forward. Experts from 28 countries, including Germany, worked on drawing up the standard and a further 19 countries with observer status were also involved. Seven liaison organizations such as the OECD and Transparency International contributed external expertise.
Anti-corruption lawyer Jean-Pierre Mean played a key part in the development and drafting of ISO 37001. In an interview with LexisNexis he reports on how organizations can successfully implement the ISO standard and how they benefit from certification.
Who is ISO 37001 for?
The ISO standard is so flexible that it can be used in all countries and by organizations of any type or size. It can therefore be applied in small, owner-managed businesses, foundations, associations or official bodies as well as in multi-national companies and other public or private-sector organizations.
Does the ISO standard require a stand-alone management system?
ISO 37001 is in principle a stand-alone management system. However, the measures it contains are designed so that they can also be integrated into existing management systems and the control mechanisms that they specify. Like the widely used quality management system ISO 9001, DIN ISO 37001 adopts a top-down approach.
What are the main requirements of the ISO standard?
The most important function of a compliance management system (CMS) is to ensure that any potential for material violations of the rules is identified promptly and that violations are prevented.
Despite an exemplary CMS, violations can still occur; even the best system cannot totally prevent them. The CMS sets out rules on appropriate responses and countermeasures in the event of a violation.
ISO 37001 defines seven core steps and assigns concrete measures to each:
Implementing a comprehensive compliance policy makes economic sense and ultimately boosts sales. An organization that complies with legal obligations and can demonstrate that it has put measures in place to prevent compliance violations earns the trust of customers, suppliers and other parties.
Compliance only functions in organizations if it is practiced by management. Compliance managers may find that establishing this “tone from the top” is a challenging task. But correct behavior at all levels and across all departments can only be achieved if everyone acts together. The ISO standard explicitly refers to this in Section 5.
The ISO standard requires organizations to have an independent compliance manager who should also be responsible for the anti-bribery management system. To enable the employee assigned to this function to work independently, it is essential to avoid conflicts of interest.
According to the ISO, the organization’s managers are also responsible for ensuring that an anti-bribery policy is adopted. The policy must state clearly that bribery is prohibited and that any violations by employees will be reported and appropriate action taken. The policy must be communicated to all members of staff and relevant external partners.
As part of the anti-bribery management system, effective controls specific to the organization must be developed. These controls must cover all corruption risks and ensure effective monitoring for violations.
According to ISO 37001, employees should participate in regular training that enables them to understand the organization’s anti-bribery policy and comply with it. The ISO does not require all employees to receive training but only those with elevated risk potential. The training programme must be tailored to the organization.
There are many different aspects to the establishment of an anti-bribery management system. The ISO standard provides some advice on designing an ABMS. For example, enhanced due diligence must always be performed on transactions, projects, personnel and business associates if the corruption risk is any higher than “low”.
The ISO standard requires business associates or business partners to be included in the financial and non-financial controls. In high-risk cases ISO 37001 also calls for the business partners of the business associates to be checked. ISO-certified organizations should require these risk and compliance checks from their direct business partners.
If the corruption risk is classed as low, it is not necessary to demand that business partners carry out risk and compliance checks. In this situation, the check of the organization’s own business partners is sufficient.
Internally, a dual control principle for important transactions may be enough. In dealing with external partners, corruption often occurs in connection with procurement procedures. A transparent procurement procedure for important transactions can prevent corruption.
The review process involves identifying and categorizing the risks within the organization and among third parties so that they can be tackled effectively. In other words, this is a risk-based approach.
If corruption risks are identified internally or among partners, suppliers and other business partners, the due diligence checks described in the “Review” section must be rigorously performed and documented.
Setting up a compliance program in accordance with ISO 37001 is not a one-off task – even if the CMS is successfully certified. The compliance manager and the organization’s managers must maintain ongoing due diligence, which includes reporting, monitoring, investigating and checking. All processes must be enshrined in the organization’s DNA as an automatic aspect of the management task.
No system functions perfectly from the get-go. As part of a process of continuous improvement, the CMS must therefore be regularly scrutinized so that violations can be systematically prevented and non-conformities addressed. This systematic process is explicitly required in Section 10 of ISO 37001, which deals with improvement.
It may sometimes be necessary to adapt the CMS as a result of external factors such as changes in procurement law or the commercial banking system or revision of ISO 37001 itself.
We help you perform due diligence on your business partners in accordance with ISO 37001.
Implementation for business: What are the impacts?
How will the ISO standard benefit businesses?
ISO 37001 sets out minimum requirements for businesses and organizations and provides helpful guidance on successful implementation of an anti-bribery management system and assessment of its capability. This benefits management, investors, staff, customers and other stakeholders since it enables them to be certain that appropriate steps are being taken to minimize corruption risks.
Can my organization get ISO 37001 certification?
Because ISO 37001 is a Type A standard and thus goes beyond being merely recommendatory, organizations can be certified by an independent body. Any organization can be certified if an audit establishes that it meets the requirements of the ISO standard.
Who carries out certification?
Businesses and organizations can only be certified to ISO 37001 by an external auditor. Internal auditing by the organization’s own personnel is not permitted. External auditors must be recognized by a certification body; this body also oversees performance and acceptance of the audit. The organization seeking certification is free to decide which certification body to select. Certification bodies can themselves be accredited by the Berlin-based Deutsche Akkreditierungsstelle GmbH (DAkkS). On 1 January 2010 the DAkkS was appointed Germany’s national accreditation body for the accreditation of certification bodies and testing laboratories under Regulation (EC) No. 765/2008 (Article 4(1)).
How often must certification be repeated?
An on-site audit identifies whether the organization meets the requirements of ISO 37001. At least a day must be allowed for this: a longer period may be required depending on the size of the organization, the number of customers and the complexity of the processes involved. Upon successful completion of the certification audit, the auditor issues a certificate that is valid for three years. A yearly review is needed to maintain the certification.
What measures does ISO 37001 specify in relation to gifts and invitations?
ISO 37001 requires effective controls in relation to gifts, invitations and the like. A total ban may be imposed or – if the risk of corruption is low – a degree of tolerance may be permitted, depending on the value and frequency of the gifts/invitations and on other factors. However, the emphasis is on transparency and seamless documentation.
How does ISO 37001 differ from ISO 19600?
There are two important differences between ISO 37001 and ISO 19600, which was introduced in 2014. Firstly, ISO 19600 is a Type B standard and thus merely recommendatory, whereas ISO 37001 is a Type A standard and therefore contains compulsory requirements that can be verified and certified. Secondly, DIN ISO 37001 is a standard that focuses on a single important compliance issue, while ISO 19600 is a generic standard that sets out recommendations for compliance programs covering a range of issues.
Conduct a gap analysis to find any shortcomings against the requirements of the standard.
Prepare policies, procedures, work instructions, evidence, records and training.
Conduct regular internal audits and management review meetings.
Apply corrective actions to the identified root causes or shortcomings.
Shubharambha for your certification
The bottom line of any business organization is profit, and customers are the only source of profit. SCM will help you balance customer requirements and compliance requirements at the same time with the help of ISO certification.
ISO certification is a tool to streamline and enhance the processes performed within the organization. SCM helps organizations adopt best industry practices.
It is always about the brand value of your organization in the market, and ISO certification from SCM can help your organization excel and stand out in the global market.
ISO certification is a basic requirement to bid for or participate in any tenders floated by the government or private sector, and ISO certification from SCM is an assurance of success in tenders.
Partner with us to unlock the greatest opportunities.
We have been featured in various national and international media for our contribution in the field of business consulting and training.
We are trusted by more than 100 companies globally for our quality services and support.
Welcome to Shubharambha Consulting. We lead the way in providing exceptional consulting, training and certification services, offering a comprehensive solution for ISO (consulting, auditing, certification), business consulting, business registration, professional workshops and training, and more.
Copyright © 2024 All rights reserved