The International Standard ISO 37001 “Anti-Bribery management systems”, published on 15 October 2016, offers enterprises a framework for implementing antibribery management systems. This international standard provides for various measures enabling enterprises to prevent and detect acts of bribery as well as to respond thereto.
This international standard should rapidly become indispensable for enterprises and investors.
What is the scope of the International Standard ISO 37001?
This standard is designed for all types of enterprise regardless of their size and permits the prevention of risks of bribery of public officials as well as of private individuals.
It covers acts of active corruption committed by the enterprise, its staff or its business partners, on its behalf, as well as acts of passive corruption targeting the enterprise;
The standard defines the good practices, procedures and monitoring tools that may be implemented to cope with bribery risks and includes guidelines for the implementation of these measures.
What are the provisions of the International Standard ISO 37001?
Leadership and commitment by Top Management
Top Management Shall notably:
- implement an anti-bribery management system corresponding to the strategy, size and resources of the enterprise;
- control its integration within the enterprise;
- transmit a strong message of zero tolerance and define responsibilities at all levels.
This department shall notably:
- be managed by one or more qualified persons, independent from the top management;
- have adequate resources
- supervise the definition and the implementation of the anti-bribery management system;
- provide assistance and guidance to personnel;
- report to top management on the performance of the anti-bribery management system.
Anti-bribery risk assessment
In order to establish risk mapping and before implementing appropriate and adapted measures, the enterprise shall identify potential risks and assess their nature and extent, notably with regard to its objectives, activities, transactions and business partners.
Adoption of an anti-bribery policy
This policy shall notably:
- impose compliance with applicable anti-bribery regulations;
- be adapted to the enterprise and communicated in a language accessible to employees and business partners;
- provide for the implementation of procedures aimed at preventing acts of bribery;
- encourage the reporting of illicit or risky situations and guarantee the protection whistleblowers;
- indicate the consequences of non-compliance with the anti-bribery policy.
Personnel - information, sanctions and absence of penalties in the event of whistleblowing
The enterprise shall:
- provide each new employee with a copy of the anti-bribery policy;
- implement procedures for taking appropriate disciplinary measures in case of non-compliance with the anti-bribery policy;
- specify the absence of retaliation in cases of whistleblowing;
- implement procedures to prevent incentive schemes from encouraging bribery.
Awareness and training
The enterprise shall implement training programs on:
- the qapplicable anti-bribery regulations;
- the anti-bribery risks;
- the policy and procedures enabling prevention of these risks;
- the importance of employee contribution to the effectiveness of the anti-bribery management system;
- the consequences of non-compliance with the provisions;
- the whistleblowing procedure.
The whistleblowing procedure shall enable:
- reporting to the compliance department of proven or suspected cases of corruption, breaches or deficiencies of the anti-bribery management system;
- these reports to be treated in a confidential manner and allow for anonymous alerts.
Investigatory procedures shall:
ensure they are always conducted by personnel separate from the department being investigated or by an independent body;
provide for appropriate measures to be taken in the event an act of bribery is detected;
render mandatory cooperation of the personnel concerned.
Internal and external auditing
The enterprise must implement relevant audit procedures to verify that its anti-bribery management system:
- complies with the provisions of the International Standard ISO 37001;
- has been implemented an effective and continual basis.
The enterprise must maintain procedures to ensure that:
- any entity that it controls implements its anti-bribery management system;
- its business partners (agents, consultants, suppliers) have also adopted an anti-bribery policy.
These audits must be conducted on a regular basis by the compliance department or an independent body, according to strict and predefined criteria.
In the case of non-compliance, the enterprise must take the necessary remedial action and modify its anti-bribery management system.
Improvements to the system and to the procedures must be continuous, regular and adapted to any change of the applicable regulations or in the enterprise.
Archiving of Documents
The documents relating to the implementation of the antibribery management system (programs and evidence of training, risk assessment, notes and results of audits, investigations, corrective measures and improvements, etc.) must be archived.