{"id":4777,"date":"2020-06-19T15:20:59","date_gmt":"2020-06-19T15:20:59","guid":{"rendered":"https:\/\/crigroup.com\/?p=4777"},"modified":"2022-01-11T14:16:28","modified_gmt":"2022-01-11T14:16:28","slug":"can-iso37001-prevent-bribery","status":"publish","type":"post","link":"https:\/\/crigroup.com\/ar\/can-iso37001-prevent-bribery\/","title":{"rendered":"Can ISO 37001:2016 prevent bribery?"},"content":{"rendered":"
Since its launch in 2016, ISO 37001 Anti-Bribery Management Systems standard has had its supporters and critics. Some regulatory bodies and compliance communities initially expressed concern regarding the lack of a body of evidence supporting the effectiveness of ISO 37001:2016 from certain standpoints. Critics asserted that the new standard failed to address broad compliance concerns, and questioned whether ISO 37001:2016 certification<\/a> alone can prevent prosecution.\u00a0These observations should certainly be weighed and considered, as any new compliance standard must be properly evaluated on its merits. In the case of ISO 37001, however, the critics have made some misjudgments in regards to the key factors they feel are in question with the standard.\u00a0Can ISO 37001:2016 prevent bribery?<\/span><\/p>\n One of the most important things to remember is that a standard like 37001 and all of its measures require a commitment and implementation by the organisation adopting them. ISO 37001 is a standard, administered by a certified body but ultimately implemented by employees of the organisation itself. The purpose of ISO 37001 standard is to provide a framework against which an organisation\u2019s anti-bribery management can be assessed and certified, rather than a foolproof blueprint to prevent bribery.<\/p>\n First, some background: The International Organization for Standardization, or ISO, is the international standard-setting body composed of representatives from various national standards organisations. Founded on 23 Feb. 1947, ISO promotes worldwide proprietary, industrial, and commercial standards. Responding to an international need, ISO issued the 37001:2016 Anti-Bribery Management System standard to help businesses, nonprofits and governmental agencies reduce their risk of bribery and corruption by establishing, implementing, maintaining and improving an anti-bribery management system.<\/p>\n The ISO 37001 standard requirement, which references to ISO 19600 \u2013 Compliance Management System, specifies mandatory requirements for organisations when establishing\/updating their anti-bribery management programs in a manner that is proportionate to the potential bribery risk. The reference to these requirements is referred to as \u201cappropriate\u201d and \u201creasonable\u201d, hence directing organisations to undertake a subjective, diligent and rigorous review of current compliance framework, which will make ISO 37001 effective for them. According to Deloitte & Touche LLP, \u201c[in ISO 37001:2016] it\u2019s the substance, not the form, of a compliance program that determines its effectiveness\u201d.<\/p>\n Some of the concerns regarding the effectiveness of ISO 37001 are focused on whether it addresses broad compliance issues, like inequality, harassment, various types of fraud (outside of bribery and corruption), or similar offences. Seeing that it generally does not, as its focus is on anti-bribery and anti-corruption compliance, some take the view that ISO 37001 has adopted a simplistic approach. The scope of ISO 37001 addresses \u201cestablishing, implementing, maintaining, reviewing, and improving an anti-bribery management system,\u201d whether as a stand-alone initiative or part of a broader anti-corruption. Therefore, implementing ISO 37001 standard requirements should be viewed as a way of enhancing, rather than replacing, an organisation\u2019s existing anti-corruption compliance programs.<\/p>\n ISO 37001 is effective step-by-step guidance for those organisations which lack an anti-corruption framework and enables them to implement a compliance program without investing significant time in identifying the regulatory and non-regulatory requirements. In fact, ISO 37001 has incorporated Federal Sentencing Guidelines, U.S. Department of Justice (DOJ) and Securities and Exchange Commission (SEC) Resource Guide to the U.S. Foreign Corrupt Practices Act, the U.K. Ministry of Justice Bribery Act 2010 Guidance, and OECD\u2019s Good Practice Guidance on Internal Controls, Ethics and Compliance. Former U.S. Deputy Attorney General Rod Rosenstein highlighted three hallmarks of a policy-effective compliance program, which are concurrent with ISO 37001 requirements and include: fostering a culture of compliance; dedicating sufficient resources to compliance activities; and ensuring that experienced compliance personnel has appropriate access to the board.<\/p>\n Lastly, there is a widely held belief that obtaining ISO 37001 certification is an effective tool to avoid prosecution for bribery. These misconceptions have not been viewed favourably insofar as to Ms. Hui Chen, U.S. DOJ\u2019s former compliance counsel, stating \u201cDan Kahn, the Chief of the FCPA Unit in the Fraud Section of DOJ\u2019s Criminal Division, has been very consistent: prosecutors will not outsource their responsibilities\u201d. Rightly so. ISO 37001 certification does not act as insurance to corporate liability for bribery, neither does it refute the need to perform due diligence, and it should be considered and implemented as per company\u2019s risk profile. In practicality, implementing ISO 37001 can demonstrate to enforcement agencies and regulators that the organisation has taken reasonable steps to establish a compliance program to mitigate bribery risks, however, ISO 37001 certification will mitigate the consequences, if not a shield, an organisation from investigation or prosecution.<\/p>\n It is important to note that organisations and governments alike are embracing ISO 37001 as the standard for prevention and detection. One example of this is in Malaysia, where the ISO 37001 standard was adopted across the government under Prime Minister Tun Dr Mahathir Mohamad. The new system has been received positively in both the public and private sectors, and Malaysia\u2019s former anti-graft chief said \u201cthe people\u2019s perception on the government\u2019s seriousness to fight corruption had increased to 70.8 per cent last year from 59.8 per cent in 2016. He said that Malaysia has also shown improvement in its performance indicators in several important international studies and indexes\u201d (New Straits Times, 2019<\/a>). True to form, various heads of government in the country are following the directive. Defence Minister Mohamed Sabu recently \u201ccautioned his officers to adhere to the Anti-Bribery Management System, which had attained the International Standards Organisation\u2019s ISO 37001: 2016 certification\u201d (New Straits Times, 2019<\/a>).<\/p>\n Malaysia is not alone. In Peru, Singapore, and China (Shenzhen Institute of Standards and Technology [SIST]), the national standard bodies have adopted and localised the ISO 37001 standard. In Italy, the ISO 37001 accreditation scheme has been developed by Accredia; whereas in the UK, United Kingdom Accreditation Service (UKAS) has undertaken an ISO 37001 pilot program to develop an accreditation scheme. In the United Arab Emirates, Emirates International Accreditation Centre (EIAC) is undertaking the ISO 37001 accreditation scheme development with CRI\u00ae<\/span> Group\u2019s ABAC\u00ae<\/span> Center of Excellence. ABAC\u00ae is an initiative launched by CRI\u00ae<\/span> Group and offers ISO 37001 certification services.\u00a0Hence, amid these positive developments, the outlook for ISO 37001 looks promising. ISO 37001 is not a \u201csilver bullet\u201d to foolproof an organisation from bribery or corruption, or avoid prosecution should those offences occur. It was never designed to be. Instead, it is a framework to implement the necessary controls and systems at the organisation level \u2013 across all levels \u2013 so as to be better equipped to prevent bribery and corruption moving forward.<\/p>\n CRI\u00ae<\/span> Group has experts who have conducted fraud investigations all around the world, for organisations of all sizes and industries. Our investigators work on-site at your company bringing a boots-on-the-ground approach to uncovering all the facts of the case. When you\u2019ve uncovered fraud, that\u2019s the time to let the experts take over. You owe it to yourself and the future of your business to make sure every investigation is done professionally and effectively. Contact CRI\u00ae<\/span> The story behind ISO 37001:2016<\/strong><\/h2>\n
Anti-corruption versus broad compliance issues<\/strong><\/h2>\n
Prosecution of offences<\/strong><\/h2>\n
ISO 37001:2016 embraced by organisations and governments<\/strong><\/h2>\n