BDO Knows: Global Forensics

February 2017

Compliance Without Borders: ISO 37001 Introduces Global Anti-Bribery Standards and Certification Program­­­­­


Summary

This past October, after four years of negotiations, the International Standards Organization (ISO) published the finalized ISO 37001, an anti-bribery management system and the first international standard of its kind aimed at preventing, detecting and responding to bribery. Organizations can be certified to ISO 37001 by accredited third parties.


Details

Known as ISO 37001 and incorporating input from 44 countries and seven liaison organizations, the framework is designed to help establish, implement, maintain and improve anti-bribery compliance programs globally, according to the ISO.

The ISO compliance program, which can be used by organizations in any country, incorporates various international anti-bribery best practices like the Foreign Corrupt Practices Act, the U.K. Bribery Act and the OECD Anti-Bribery Convention, and provides specific minimum requirements and supporting guidance intended to be universally applicable, regardless of an organization’s size, nature of business and level of bribery risk.
Although the standard only applies to bribery, organizations can choose to extend the scope of the management system to include other illicit practices like fraud, anti-trust/competition offenses and money laundering. The measures are designed to be integrated into organizations’ existing management processes and controls, including other ISO standards.

If organizations decide to become certified by a third party, the following steps are necessary for compliance:
  • Implement an anti-bribery policy and program, communicating those to all relevant personnel and business associates (including joint venture partners, subcontractors, suppliers and consultants);
  • Appoint a compliance manager to oversee the policy and program;
  • Provide anti-bribery training to employees;
  • Assess bribery risks, including conducting necessary due diligence;
  • Take steps to ensure controlled organizations and third parties implement anti-bribery controls;
  • Verify that personnel will comply with the policy and program;
  • Control benefits — including hospitality, gifts and donations — to ensure they do not serve a corrupt purpose;
  • Implement financial, procurement and other commercial controls to help mitigate the potential for bribery; and
  • Implement whistleblower procedures, and investigate and address any suspected or actual bribery.


BDO Insights

It remains to be seen exactly what certification of ISO 37001 will look like. Questions, such as who will be eligible to certify compliance with the standard, what it will cost and the number of organizations expected to opt in, remain. But as bribery costs around the world continue to soar, with estimates between $1.5 and $2 trillion annually, the standard may provide a necessary first step toward a truly global anti-corruption regime.

The ISO 37001 framework will likely require few changes or actions from large, multinational Western companies with robust anti-compliance programs already in place. However, for middle-market companies without the necessary compliance resources or expertise to craft a comprehensive anti-bribery program on their own, ISO 37001 is a cost-effective and flexible compliance tool that is easily replicable across geographies. The ability to tout ISO 37001 certification may also prove to be a selling point to potential partners, clients and investors, serving as a powerful testament to a company’s commitment to sound business practices. 

Whether or not organizations ultimately decide to certify, compliance to the minimum requirement set forth in ISO 37001 minimizes the risk of bribery — and the significant costs of bribery violations.   
 

For more information about ISO 37001 certification, please contact:
 
Nina Gross
BDO Consulting Global Forensics Washington, D.C. practice leader
    Glenn Pomerantz
Partner and BDO Global Forensics Practice Leader