On October 15, 2016, the International Standards Organization Technical Committee ISO/PC 278 issued ISO 37001 titled, "Anti-bribery management systems - Requirements with guidance for use." ISO 37001(the Standard) "specifies requirements" related to "establishing, implementing, maintaining, reviewing and improving an anti-bribery management system." The Standard dictates what companies "shall" do rather than "should" do, meaning that these requirements can be certified by objective criteria. The Standard is likely to have widespread adoption, with the standard-setting bodies of 37 countries participating in the creation of the Standard, including the United States (ANSI), United Kingdom (BSI), Brazil (ABNT), India (BIS) and China (SAC).
This is a new global standard for anti-bribery and corruption (ABC) management systems that will allow measurement against agreed global standards in determining whether a vendor, supplier, service provider, consultant or other third party has an adequate ABC program. This Standard applies to public- and private-sector organizations. It is anticipated that many public-sector organizations will adopt the Standard, which in turn will cause those private-sector organizations wanting to do business with them to need to be certified under ISO 37001 as well.
ISO 37001 states that it follows in the lineage of the Organisation for Economic Co-operation and Development (OECD) Convention on Combating Bribery of Foreign Public Officials in International Business Transactions and the United Nations Convention against Corruption. The program that the Standard describes is similar to those that many mature ABC programs already follow. Like these international standards and industry best practices and many of the national laws applicable to ABC, such as the US FCPA and the UK Bribery Act, the Standard addresses many of the same elements: tone at the top, due diligence, training, gifts and hospitality, books and records, and risk assessments. And it speaks in terms of programs being "reasonable," "appropriate" and "proportionate" to the size of the organization and the risks it faces.
There are two major differences between the Standard and the laws and guidance that precede it. First, this is an internationally-agreed-upon set of requirements that would apply to companies from Stockholm to Sydney to Shanghai to San Francisco. It sets a very practical standard for whether companies are the kinds of organizations that law-abiding companies want to deal with. Second, this ISO standard is auditable, so an independent third party can certify that a company's procedures meet the international minimum standard. In the international marketplace, those not obtaining certification may find themselves at a competitive disadvantage.
ISO 37001 follows the structure of ISO 9001, the global quality management standard. Over a million organizations in 178 countries have received ISO 9001 certification in order to stay competitive globally. In many industries and in many public tenders, a supplier may not compete effectively without an ISO 9001 quality certification. It remains to be seen whether ISO 37001 anti-bribery certification will follow this pattern of widespread adoption.