A key feature of ENSafrica’s fourth annual anti-bribery and corruption (“ABC”) survey was understanding whether organisations were familiar with the new ISO 37001 anti-bribery management standard (“ABMS”). The International Organization for Standardisation released the ABMS in October 2016. This new standard is designed to support organisations in their fight against bribery and promote an ethical business culture by establishing, implementing and maintaining an anti-bribery compliance programme.
The survey indicated that:
- 91% of respondents believed that adopting the new global ABMS would improve their compliance programmes
- 82% of respondents confirmed that they would be more likely to conduct business with companies that are ISO 37001 compliant
- 47% of respondents indicated that it was important, or critically important, for their organisation to become ABMS compliant
- 44% of respondents indicated that the greatest challenge to implementing the ABMS was securing adequate resources and budget to do so
- 43% of respondents were not at all familiar with the new ABMS, while 45% had limited understanding of it
- 36% of respondents confirmed that they would be seeking ISO certification for their ABMS
- 31% of respondents indicated that they intended complying with the ABMS, while 65% said they were unsure whether they would be complying. Only 4% of respondents indicated that they would not be complying with the new ABMS
- 31% had already started implementing the ABMS, or would be doing so in future
- 5% of respondents indicated that their ABMS had already been ISO certified
The new anti-bribery management system
Like the United Kingdom (“UK”) Bribery Act (“UKBA”) guidance, the United States (“US”) Foreign Corrupt Practices Act guidance and the World Bank Global Integrity Compliance Program Guidelines, the ABMS addresses tone at the top, due diligence, training, gifts and hospitality, books and records, and risk assessments. It speaks in terms of compliance programmes that are “reasonable”, “appropriate” and “proportionate”. Although the standard closely resembles existing ABC compliance guidance in some respects, for the first time it sets out an internationally agreed-upon set of procedures.
This new standard is invaluable as it allows organisations to understand the measures that need to be implemented in order to develop an effective anti-bribery management programme. This standard can be used by any organisation, large or small, whether in the public, private or voluntary sector, and in any country. It is a flexible tool that can be adapted according to the size and nature of the organisation and the bribery risk it faces.
The standard sets out a series of measures that an organisation must implement, which represent globally recognised anti-bribery good practice. Similar to the UKBA, the ABMS talks to both active (paying) and passive (receiving) bribery, and specifies measures that an organisation must adopt to address bribery:
- by the organisation, or its personnel or business associates acting on the organisation’s behalf or for its benefit, and
- of the organisation, or its personnel or business associates in relation to the organisation’s activities.
Other survery results
Many organisations indicated that they were not yet familiar with the new standard (43%), with 34% of respondents confirming only a limited level of familiarity. 68% of respondents had not implemented any process in respect of ISO 37001, with 32% confirming they had already started.
- 31% of organisations intended complying with ISO 37001, with 65% currently unsure
- 5% indicated that they have already been ISO 37001 certified
- 47% indicated that it was important for their organisation to become ABMS compliant, with 36% of respondents confirming that they would be seeking ISO certification for their ABMS
Respondents listed the following areas as the most crucial in terms of their ABMS (in order of importance):
- tone at the top
- risk assessment
- due diligence of business partners
- vetting new employees
- anti-bribery training for employees
- control of benefits such as gifts, travel and entertainment
- maintaining accurate books and records
- proportionate procedures
- appropriate policies and procedures
- adequate resources and budget for a compliance team
- implementing measures designed to prevent, detect and respond to bribery
- maintaining a whistle-blowing or reporting facility dealing appropriately with any actual or suspected bribery, or violation of anti-bribery policies
A significant concern is that 44% of respondents highlighted “adequate resources and budget for compliance team” as the most challenging measure that may impede the ability to implement the ABMS. ISO guidance recommends that organisations should appoint a compliance manager to oversee the design and implementation of the ABMS programme. The role includes advising and guiding personnel on the ABMS system and on issues relating to bribery, and ensuring compliance with the ISO standard. Management of the organisation must ensure that this role is adequately resourced and assigned to appropriate persons with the necessary skills, competence, status, independence and authority. Additionally, there should be sufficient budget, including in the anti-bribery compliance function, for the ABMS to function effectively.
The anti-bribery compliance function must have direct and prompt access to top management in the event that any issue or concern needs to be raised in relation to bribery or the ABMS.
A regulator will consider how much a company spends on compliance annually (in the context of its size) and the resources dedicated to the compliance function. If a relatively large company spends very little on compliance and has little to no compliance resources, it will be difficult to convincingly argue that it is committed to ABC compliance.
Other measures that respondents cited as challenges to implementing processes in respect of ISO 37001 include:
- due diligence of business partners (42%)
- control of benefits such as gifts, travel and entertainment (27%)
31% of respondents indicated that they had already, or would be, implementing the ABMS in the near future, with respondents stating that assurance to management, investors, business associates, personnel and other stakeholders that their organisation was taking reasonable steps to prevent bribery was the most important benefit of ISO 37001.
The Prevention and Combating of Corrupt Activities Amendment Bill
The South African Department of Justice and Correctional Services recently published the Prevention and Combating of Corrupt Activities Amendment Bill, which proposes amending the Prevention and Combating of Corrupt Activities Act, 2004 (“PRECCA”).
The Bill places an obligation on persons in a position of authority (as defined in PRECCA) to implement an internal compliance programme to ensure offences are detected and reported. However, the Bill is silent on guidance on what this programme should look like or how it should be implemented. ABMS provides a blue- print solution for such an internal compliance programme.
During this survey, we received a number of enquiries regarding ABMS certification. This would usually entail an external consultant supporting the organisation in implementing the necessary ISO management system. Once this is done, the organisation would apply for certification with an accredited body for assessment.
Certification is no guarantee that bribery will not occur and will not provide immunity against prosecution. However, it may assist the organisation to demonstrate its commitment to anti-bribery compliance and confirm “adequate procedures” to prevent corruption.
120 respondents participated in ENSafrica's fourth ABC survey. The majority of respondents indicated that they had operations in South Africa (80%), with significant others having operations in Namibia (29%), Mozambique (15%), Kenya (15%), Botswana (13%), Mauritius (13%), Zambia (12%), Tanzania (11%), Uganda (10%), Ghana (9%), Lesotho (9%), Nigeria (9%) and Zimbabwe (8%). A number of the respondents also indicated that they had operations in non-African jurisdictions, including the UK, the US, Australia, China, Brazil, Ireland, Malaysia and Bermuda.
Respondents were primarily compliance professionals (18%) and legal professionals (25%), with others in forensics, human resources internal audit and executive management roles. 33% of respondents indicated that their organisations had between 1 000 and 9 999 employees.