The draft standard, ‘ISO 37001 - Anti-bribery management systems’ aims to combat bribery by providing guidance as to how organisations can implement, maintain and improve an ‘anti-bribery management system’ (‘ABMS’).

In the event of a bribery investigation, the existence of an ISO 37001 certified ABMS may help companies and organisations to demonstrate that they have ‘adequate procedures’ for the purposes of the Section 7 strict liability ‘corporate offence’ of the Bribery Act 2010.

ISO 37001 is a flexible standard that recognises that there is no ‘one-size-fits-all’ approach. Instead, it adopts a step-by-step, risk-based approach, detailing how to implement an ABMS from the initial risk assessment to its review. The standard is split into two parts: first, the main body which details the regulations and requirements of the standard and, second, Annex A which provides illustrative guidance as to its use.  

The main body is divided into a number of sections, each one focusing on a different regulatory aspect of implementing an ABMS:

  • 'Context of the organisation' - This highlights the need for organisations to undertake bribery risk assessments based on factors including size and the sectors they operate in.
  • 'Leadership' - This establishes the importance of the role of ‘top management’ and the need for an adequate compliance function to maintain and supervise the ABMS.
  • 'Support' - This highlights the importance of having in place appropriate human, physical and financial resources to ensure the effective running of an ABMS. 
  • 'Operation' - This is primarily concerned with the operational planning and running of the ABMS. Due diligence is also an important part of ‘Operation’ – the regulations requiring organisations to ensure that they have adequate systems in place for both business associates and the organisation itself.

Whilst demonstrating that a certified ABMS is in place is by no means a guaranteed defence to bribery allegations, the standard is likely to help organisations demonstrate that ‘adequate procedures’ have been put in place to prevent bribery, for the purposes of Section 7 of the Bribery Act 2010.  This should help to provide reassurance to the board and shareholders of organisations that any gaps in defences have been dealt with in a risk based and proportionate manner. 

For a more in-depth look at ISO 37001, including how it will affect businesses and business practices, read the full article here.

This post comes to us from Burges Salmon. It has been authored by Thomas Webb.