“How do I know whether my anti-bribery program is good?” That’s a question asked every day by compliance officers throughout the world. Up until now the answer has always required a guessing game involving scouring your network to hear about best practices, reviewing numerous pieces of guidance published by various regulators, and reading up on the latest enforcement action. But there wasn’t ever a way to know how you well you were really doing. That’s all changed.
On October 14th, the world’s anti-bribery community celebrated as the finalized ISO 37001 Anti-Bribery Management Systems standard was published. The standard took three years to develop, using input from experts in 56 countries. Companies can now obtain certification that they meet the best practices and regulatory obligations for international anti-bribery programs. The standard can be applied to any organization, of any size, worldwide.
Why does certification matter? Well, with ISO 37001 certification, an organization can:
- Demonstrate that their program adheres to the highest standards;
- Mitigate global bribery risk to and from both other businesses and government entities;
- Benefit from completing all the documentation required to prove the efficacy of its risk assessments, training and due diligence program; and
- Compete globally, especially if governments begin to require ISO 37001 certification for public tender, as is expected in some countries.
Standards based programs are increasingly essential in global commerce, with trading partners from small enterprises to national governments insisting upon ISO certification of quality and security. Anti-bribery is likely to become another critical area of certification.
What’s in it for Business?
Obtaining certification will not make a company immune to prosecution. However, it will make prosecution much less likely in the first place. Why? Because employees will have been trained, controls will be put in place, reports will be available and red flags should be caught more easily. If a company is prosecuted for bribery, the company will already have policies, procedures and reports available to mount an adequate procedures defense or to seek mitigation of damages because of the strong compliance program.
Additionally, having an ISO 37001 certification is short-hand for “We’ve got a good compliance program.” Like many other ISO certifications, ISO 37001 should move suppliers and third-parties through due diligence processes more quickly, as an outside body has already certified that an anti-bribery program exists and is effective. This can be a tremendous business advantage – one which benefits both supplier, moving faster through the procurement process, and buyer, who will be exposed to less risk with a certified company.
What Will the Regulators Say?
In June, I was at the 10th annual C-5 Anti-Corruption Conference in London, listening to Kathleen McGovern, Senior Deputy Chief of the Fraud Section of the U.S. DOJ and Kara N. Brockmeyer, Chief of the FCPA Unit of the U.S. SEC, when they were asked what they thought of the new ISO 37001 Anti-Bribery Management Systems Standard.
“I think it’s great,” said Ms. McGovern. “Anything that tells companies, especially overseas companies, what is expected from an anti-corruption perspective is a good thing.”
“I agree,” said Ms. Brockmeyer. She went on to say that levelling the playing field so that everyone has one standard is a positive step for global corruption prevention.
Both Mr. McGovern and Ms. Brockmeyer were speaking in their personal capacities, and not making an official statement for the DOJ and SEC. However, these statements to the anti-bribery community show the power of certification in allowing a company to prove it has met the expectations the regulators would impose if disclosure of a problem were required.
Will There Be Demand?
In September, I published an article the virtues of ISO certification in the FCPA Blog. Within 20 minutes of that publication, a major multi-national company contacted my company about certification. Several companies in Britain and the U.S. want to be first to market, using their ISO 37001 status as a competitive edge in a crowded marketplace. Last month Compliance Week magazine found that 56% of businesses surveyed plan to begin the process of certification in the next year.
Perhaps unsurprisingly, several companies that have had bribery enforcement actions brought against them have begun pursuing ISO 37001 certification. Once a company has cleaned up its act, there is no better way to prove its commitment to its anti-bribery program than by having it certified.
By: Kristy Grant-Hart, CEO of Spark Compliance Consulting*
*Ms. Grant-Hart is a former Chief Compliance Officer and author of the book, “How to Be a Wildly Effective Compliance Officer.”