ISO 37001 Can Help US Organizations Prevent Corruption

First-world countries are not immune to the global problem of corruption. The United States – considered by many as one of the leaders in anti-corruption laws and enforcement – has faced a rash of major corruption scandals over the past 20 years and beyond. In the early 2000s, accounting scandals like Enron and WorldCom rocked the business world and caused major economic losses among investors and other stakeholders. More recently, investigations into alleged violations of the Foreign Corrupt Practices Act (FCPA) often begin with illicit actions taken broad but are traced back to U.S.-based companies right here at home. Iconic companies like Walmart and Microsoft are among the U.S. organizations that have been involved in large settlements with the U.S. Department of Justice (DOJ) and the Securities and Exchange Commission (SEC) over bribery and corruption charges. These fines, coupled with criminal prosecutions in certain cases, have demonstrated the U.S. government’s aggressive stance toward reducing corruption at home and abroad.

For this reason, and as a matter of good business practice, U.S. organizations should quickly adopt an internationally recognized set of anti-bribery anti-corruption standards. Foremost among such initiatives is ISO 37001:2016 – Anti-Bribery Management Systems standard, providing a comprehensive approach to mitigating the risk of bribery and corruption. Companies will find that ISO 37001 and its essential elements can be tailored to their organization, regardless of the organization size or industry. Among its many features, ISO 37001 promotes implementing an anti-bribery policy, appointing a person to oversee anti-bribery, compliance, training, risk assessments, and conducting due diligence on projects and business associates. Implementing financial controls and instituting reporting and investigation procedures are also key within the ISO 37001 framework.

U.S. Losing Ground on Corruption

The result might be surprising for those who expect the U.S. to score near the top of the most recent Transparency International Corruption Perceptions Index. Canada ranks higher, and the U.S. score of 69 marks a two-point drop from the previous year – earning its worst score in eight years. [1]. “The U.S. faces a wide range of challenges, from threats to its system of checks and balances, and the ever-increasing influence of special interests in government, to the use of anonymous shell companies by criminals, corrupt individuals and even terrorists, to hide illicit activities.” The Americas do not get a glowing review from T.I.: “With an average score of 43 for the fourth consecutive year on the Corruption Perceptions Index (CPI), the Americas region fails to make significant progress in the fight against corruption.”

Transparency International’s frank assessment of the U.S.’s standing among other countries and regions in terms of corruption is useful. It helps dispel the notion held by some that bribery, fraud and other misconduct are primarily “third-world problems” that don’t impact large first-world economies. The fact is, large Western companies that seek to expand into new markets, including underdeveloped regions, are often guilty and liable for the corrupt practices that some employees or contractors might employ to advance that growth. Not only is that a problem in itself for its illegality and the damage often inflicted on economies in those areas, but it also creates serious legal and financial peril for companies that are caught and punished for violating the FCPA (as well as other international laws such as the U.K. Bribery Act).

Bribery Cases Prosecuted in the U.S. 

Among the cases involving U.S. companies that were investigated, prosecuted, and/or resolved in 2019, a few stand out as clear warnings that punishment is catching up to those who commit bribery and collusion. Household names like Microsoft and Walmart make a list, and smaller organisations and even individuals who faced fines and, in some cases, custodial punishments.

Microsoft was fined $23 million in combined criminal and civil penalties after a subsidiary, Microsoft Hungary, was investigated for a bid-rigging and bribery scheme. According to court documents, the alleged violations lasted from 2013 until “at least 2015,” according to court documents. The action was brought by the U.S. Department of Justice (DOJ) and the SEC for the sale of Microsoft software licenses to Hungarian government agencies. Microsoft Hungary executives and other employees were found to have violated the FCPA by falsely representing large “discounts” to close deals with resellers. The SEC also found that Microsoft’s subsidiary in Turkey “provided an excessive discount to an unauthorised third party in a licensing transaction for which Microsoft’s records do not reflect any services provided.” [3]

Walmart has been embroiled for more than 10 years in allegations of making corrupt payments to governments and officials worldwide, according to an agreement the massive corporation reached with the DOJ and SEC. Walmart agreed to pay $282 million to settle charges that violated the FCPA to open new locations in various countries and jurisdictions around the world. In court, Walmart’s Brazilian subsidy pleaded guilty to breaking U.S. federal law. On the whole, allegations include cases in Mexico, China, India and other locations. According to federal investigators, Walmart looked the other way as its subsidiaries on three continents paid millions of dollars, between July 2000 to April 2011, to middlemen in order to help the company obtain permits and other government approvals.

Lesser-known companies also faced scrutiny and, in some cases, prosecution. Juniper Networks, a California-based cybersecurity firm, was ordered by the SEC to pay more than $11.7 for FCPA violations. According to the SEC investigation, some of the sales employees in Juniper’s Russian subsidiary “secretly agreed with third-party distributors to fund leisure trips for customers, including government officials through the use of off-book accounts.” It is notable that Juniper did not explicitly admit nor deny the SEC’s claims in coming to terms for the settlement – but the company agreed to “cease and desist from committing or causing any violations.”

Some significant DOJ and SEC actions targeted individuals. For example, Hawaiian resident Frank James Lyon, 53, was charged and pleaded guilty to conspiracy to violate the anti-bribery provisions of the FCPA, as well as conspiracy to commit federal program fraud, after trying to bribe government officials in the Federal States of Micronesia. Lyon, a Hawaii-based engineering and consulting company owner was sentenced to 30 months in prison, followed by three years of supervised release. “According to admissions made as part of his plea agreement, between 2006 and 2016, Lyon and his co-conspirators paid bribes to foreign officials in the Federated States of Micronesia (FSM) and Hawaii state officials in exchange for those officials’ assisting Lyon’s company in obtaining and retaining contracts valued at more than $10 million. The bribes included, among other things, cash to FSM officials and Hawaii officials, and vehicles, gifts and entertainment for FSM officials.”

The cases above make clear that U.S. corporations and business leaders are vulnerable to bribery and corruption schemes that are often considered endemic in certain other regions of the world. The DOJ, SEC and other regulatory and investigatory bodies are scrutinizing transactions and behaviors, and conduct that runs afoul of provisions in the FCPA are likely to be met with prosecution and fines.

ISO 37001:2016 to Combat Bribery & Corruption

Corruption is a global problem. In the U.S., business and government leaders are urging organizations to take action now to reduce their risk exposure. To implement best practices and better protect themselves, organizations have found ISO 37001:2016 Anti-Bribery Management Systems standard. Issued by the International Organization for Standardization (ISO) in 2016, ISO 37001 helps organizations of all sizes and industries increase and measure their efforts against bribery and corruption. Organizations can use the principles provided by ISO 37001 to implement the highest integrity standards at every level. At its core, ISO 37001 calls for an organization to establish an anti-bribery policy and appoint a person to oversee anti-bribery compliance, training, risk assessments and due diligence on projects and business associates. The organization must also implement robust internal controls and reporting procedures, and investigation processes to help make ISO 37001 truly effective.

ABAC® (Anti-Bribery and Anti-Corruption) Center of Excellence Limited was founded by international security firm CRI® Group to help organisations of all types and industries implement the highest standards of training and Certification. With a team of experts around the world, ABAC® Center of Excellence is composed of certified ethics and compliance professionals, financial and corporate investigators, forensic analysts, certified fraud examiners, qualified auditors, and accountants. Through their training and experience in implementing ISO 37001 standards, ABAC® Center of Excellence’s agents helps clients more effectively prevent bribery and corruption. As an accredited provider of ISO 37001 ABMS, ABAC® Center of Excellence provides Certification and training for various types and industries organizations.

There are many elements of a comprehensive anti-bribery anti-corruption system. ISO 37001 lays these out in detailed guidance. The following are just a few of the elements of bribery that are addressed by ISO 37001:

• Bribery in the public, private and not-for-profit sectors
• Bribery by the organization
• Bribery by the organization’s personnel acting on the organization’s behalf or for its benefit
• Bribery by the organization’s business associates acting on the organization’s behalf or for its benefit
• Bribery of the organization
• Bribery of the organization’s personnel in relation to the organization’s activities
• Bribery of the organization’s business associates in relation to the organization’s activities
• Direct and indirect bribery (e.g. a bribe offered or accepted through or by a third party)

Benefits of ISO 37001:2016 Certification 

ISO 37001:2016 certification is designed to help protect the organization, its assets, and shareholders from bribery and corruption. Because Certification must be completed by a qualified, independent third party, it adds a distinct level of credibility to the organization’s management system. It ensures that the organization is implementing a viable anti-bribery management program using widely accepted controls and systems.

Companies and government organisations can rely on best practices set out by ISO 37001’s standards to reduce the risk of bribery and corruption. The following are some of the ways ISO 37001 helps organisations accomplish this goal:

• Provides needed tools to prevent bribery and mitigate related risks
• Helps an organisation create new and better business partnerships with entities that recognise ISO 37001 certified status, including supply chain manufacturing, joint ventures, pending acquisitions and co-marketing alliances
• Potentially reduces corporate insurance premiums
• Provides customers, stakeholders, employees and partners with confidence in the entity’s business operations and ethics
• Provides a competitive edge over non-certified organisations the organisation’s industry or niche
• Provides acceptable evidence to prosecutors or courts that the organisation has taken reasonable steps to prevent bribery and corruption

ISO 37001 certification should not be considered “legal cover” for all liability issues related to bribery – but it can be a mitigating factor: “Conformity with (ISO 37001) cannot provide assurance that no bribery has occurred or will occur in relation to the organization, as it is not possible to eliminate the risk of bribery,” according to ISO. ISO 37001 certification can be considered an important piece of evidence, however, demonstrating to regulators, prosecutors, and the courts that the organization has taken meaningful action to prevent bribery and corruption.

Costs and Timeframes of ISO 37001:2016 Certification

The time and cost of Certification depend on the size of the organization, as well as the state of its existing anti-bribery management system. If it’s very well developed, the process will be shorter and the organization can showcase it to their stakeholders and third parties. For organizations that don’t already have developed good policies, training and due diligence, the standard provides requirements and guidance on how to achieve it.

Some major corporations are seeking Certification. Microsoft, whose prior compliance issues were highlighted earlier in this paper, is reportedly one of them: Microsoft’s Deputy General Counsel, David Howard, wrote that “Microsoft will seek Certification from an independent and accredited third party to demonstrate that our anti-bribery program satisfies the requirements of the standard. We hope other companies will do the same.”

Conclusion

Regulators and enforcement bodies in the U.S. have prioritized rooting out fraud and other financial crimes. Bribery and corruption are at, or near, the top of this list. Investigations and prosecutions have increased in recent years and will continue to do so. Against this backdrop, it is critical that U.S.-based companies, corporations and government organizations take action now to reduce their risk profile and be better protected from liability. ISO 37001 is a perfect first step – or, for some, a next step – toward increasing that level of protection.

ISO 37001 ABMS provides the training and Certification program that organizations need for accountability and effectiveness. The training process can be tailored based on the size, type, industry or risk level. Bribery and corruption are not exclusive to the third world or developing economies. They are pervasive in Western countries, including the U.S., and they require comprehensive measures to make an impact and lessen their effects. ISO 37001 provides solutions that any organization can implement – not tomorrow, but today. The positives of decreased risk, decreased liability and better financial protection outweigh any negatives of the minimal investment in cost and effort.

CONTACT INFORMATION

Zafar Anjum, MSc, MS, CFE, CII, MICA, Int. Dip. (Fin. Crime) | CRI Group™ Chief Executive Officer

7th Floor, South Quay Building, 77 Marsh Wall, London, E14 9SH United Kingdom

t: +44 207 8681415 | m: +44 7588 454959 | e: zanjum@crigroup.com

References

1. “Corruption Perceptions Index 2019,” Transparency International, 2020 <https://www.transparency.org/cpi2019> (accessed 10 Feb. 2020)
2. “CPI 2019: AMERICAS,” Transparency International, 23 Jan. 2020 <https://www.transparency.org/news/feature/cpi_2019_Americas> (accessed 10 Feb. 2020)
3. Jaclyn Jaeger, “Microsoft to pay $25M in FCPA case,” Compliance Week, 23 July 2019, <https://www.complianceweek.com/anti-corruption/microsoft-to-pay-25m-in-fcpa-case/27446.article > (accessed 10 Feb. 2020)
4. Michael Corkery, “A ‘Sorceress’ in Brazil, a ‘Wink’ in India: Walmart Pleads Guilty After a Decade of Bribes,” The New York Times, 20 June 2019, <https://www.nytimes.com/2019/06/20/business/walmart-bribery-settlement.html > (accessed 10 Feb. 2020)
5. “SEC fines Juniper Networks more than $11.7 million to settle internal control violations,” Reuters, 28 Aug. 2019,< https://www.reuters.com/article/us-usa-sec-fcpa/sec-fines-juniper-networks-more-than-11-7-million-to-settle-internal-control-violations-idUSKCN1VJ2OD > (accessed 11 Feb. 2020).
6. “U.S. Executive Sentenced to Prison for Role in Conspiracy to Violate Foreign Corrupt Practices Act,” U.S. Department of Justice, 14 May 2019,< https://www.justice.gov/opa/pr/us-executive-sentenced-prison-role-conspiracy-violate-foreign-corrupt-practices-act> (accessed 10 Feb. 2020)
7. “ISO 37001:2016 ANTI-BRIBERY MANAGEMENT SYSTEMS — REQUIREMENTS WITH GUIDANCE FOR USE”, www.ISO.org, < https://www.iso.org/standard/65034.html > (accessed 5 Aug. 2019)
8. David Howard, “An update on Microsoft’s approach to compliance,” Microsoft, 7 Mar. 2017, < https://blogs.microsoft.com/on-the-issues/2017/03/07/update-microsofts-approach-compliance/ > (accessed 17 Feb. 2020)

[/accordion_son][/accordion_father][vc_empty_space][/vc_column][/vc_row]