Exposure to bribery increases as multinational corporations break into emerging markets or expand their footprint in developing countries. Additionally, employees or personnel working on behalf of an organization can face the challenge of being asked to make corrupt payments to facilitate business activities.
As a result, companies are continuously developing or enhancing controls to reduce this ever-present bribery risk. To support these efforts, the International Organization for Standardization (ISO) is developing ISO 37001 — a groundbreaking system of international standards that allows a corporation to independently certify their anti-bribery program — which is expected to be published at the end of 2016.
Regulations related to anti-bribery vary from country to country and often fail to provide companies with a clear roadmap on how to protect themselves from these laws. Companies have looked to the FCPA Resource Guide — published in 2012 by the Department of Justice (DoJ) and the SEC — to understand the guidelines U.S. regulators will use to determine the comprehensiveness and effectiveness of their anti-corruption programs. The 2012 guidelines are U.S.-centric and focused solely on bribing public officials, whereas ISO 37001 is expected to have a broader and more global focus. ISO 37001 has a wider international reach than the FCPA Resource Guide because 37 countries participated in its development, including China, India, Mexico, the UK, Spain and the United States.
The new standards will not be focused exclusively on large global companies. According to ISO 37001 FAQs, the standards are designed to be used by small, medium and large organizations in the public, private and nonprofit sectors. One of the key points in Grant Thornton LLP’s review of the preliminary documents of ISO 37001 is that implementation should be reasonable and proportionate to various characteristics of the organization, such as its size, structure, industry, where it operates, complexity and overall bribery risk profile.
Based on a preview of the documents in development, these certifiable ISO 37001 standards will cover several areas that an organization must address with their anti-bribery program. Some of these measures include:
Implementing an anti-bribery policy on an organization-wide global basis
Setting up an appropriately staffed compliance department
Conducting a risk assessment to understand bribery risks
Providing anti-bribery training to employees as well as related parties
Conducting due diligence on companies working on behalf of the organization
Establishing controls over gifts, hospitality, donations and entertainment
Implementing effective financial controls, especially involving procurement and disbursements of funds
Investigating allegations of bribery and remediating appropriately
By implementing ISO 37001, organizations demonstrate to business partners, customers, investors and the business community at large that they are making concerted efforts to prevent and deter bribery. It will also provide a competitive advantage. Certification of ISO 37001 implementation should be done by an independent third party — for example, an accounting firm with a global presence.
This is a good time to start preparing for ISO 37001. The benefits of establishing a strong anti-bribery program and having it certified may be far-reaching. Grant Thornton believes that properly establishing and certifying an organization’s anti-bribery program will allow the organization to establish a defensible position if regulators launch an inquiry or investigation concerning corrupt payments. Another example would be when an organization identifies and investigates anti-bribery law violations and has to explain to enforcement agencies like the SEC, DoJ or the UK’s International Corruption Unit that it took reasonable steps to implement anti-bribery controls. The certification can be used as a competitive advantage in the marketplace and may help in successfully bidding on contracts against companies that are not ISO 37001 certified. Ultimately, ISO 37001 may establish a strong position that will go a long way in protecting the interests of the organization and reducing enforcement penalties and fines.
William P. Olsen
Corporate Compliance Practice Leader, Forensic Advisory Services
T +1 703 847 7519
Forensic Advisory Services
T +1 703 847 7671