The draft standard, ‘ISO 37001 - Anti-bribery management systems’, aims to combat bribery by providing guidance as to how organisations can implement, maintain and improve an ‘anti-bribery management system’ (‘ABMS’).
In the event of a bribery investigation, the existence of an ISO 37001 certified ABMS may help companies and organisations to demonstrate that they have ‘adequate procedures’ for the purposes of the Section 7 strict liability ‘corporate offence’ of the Bribery Act 2010.
ISO 37001 is a flexible standard that recognises that there is no ‘one-size-fits-all’ approach. Instead, it adopts a step-by-step, risk-based approach, detailing how to implement an ABMS from the initial risk assessment to its review. The standard is split into two parts: first, the main body which details the regulations and requirements of the standard and, second, Annex A which provides illustrative guidance as to its use.
The main body is divided into a number of sections, each one focusing on a different regulatory aspect of implementing an ABMS:
- 'Context of the organisation' - This highlights the need for organisations to undertake bribery risk assessments based on factors including size and the sectors they operate in.
- 'Leadership' - This establishes the importance of the role of ‘top management’ and the need for an adequate compliance function to maintain and supervise the ABMS.
- 'Support' - This highlights the importance of having in place appropriate human, physical and financial resources to ensure the effective running of an ABMS.
- 'Operation' - This is primarily concerned with the operational planning and running of the ABMS. Due diligence is also an important part of ‘Operation’: the regulations require organisations to ensure that they have adequate systems in place for both business associates and the organisation itself.
Whilst demonstrating that a certified ABMS is in place is by no means a guaranteed defence to bribery allegations, the standard is likely to help organisations demonstrate that ‘adequate procedures’ have been put in place to prevent bribery, for the purposes of Section 7 of the Bribery Act 2010. This should help to provide reassurance to the board and shareholders of organisations that any gaps in defences have been dealt with in a risk-based and proportionate manner.