ISO 37001:2017
ISO 37001:2017 Anti-Bribery Management
The ISO 37001:2016 standard (SR ISO 37001:2017 - Romanian standard) was adopted as a response to one of the problems facing humanity at the global level - bribery, a phenomenon that undermines governance and human rights, distorts competition, erodes justice and is a major obstacle in the way of development or the fight against poverty.
Bribery is defined by law, which is why there are different definitions for this term from country to country. Therefore, the standard only provides a generic definition of bribery.
The term "bribe” is used to refer to offering, promising, giving, accepting or soliciting an advantage (which could be financial or non-financial), directly or indirectly, in violation of applicable law, as an incentive or reward for a person to act or to abstains from acting in connection with the fulfillment of that person's duties. (www.iso.org – 37001 Briefing Note).
As specified in the introduction to the ISO 37001 standard, governments have made progress in combating bribery through their own national legislation (e.g. Romania's National Anti-Corruption Strategy) and through international agreements such as the Convention on Combating Bribery of Foreign Public Agents in international commercial transactions adopted by the Organization for Economic Cooperation and Development and the United Nations Convention against Corruption. The ISO 37001 standard provides a competitive advantage to organizations by helping them proactively contribute to combating bribery, the law being insufficient to solve the problem related to corruption.
ISO 37001 applies to any type of organization in the public or private sector, commercial or non-profit, regardless of size, structure, products or services offered and can be easily integrated with other management systems (ISO 9001 - quality, ISO 27001 - security information, etc.), its structure and adopted terminology being in accordance with Annex SL of the ISO Directives - High Level Structure.
ISO 37001 specifies requirements and guidelines for establishing, implementing, maintaining and improving an anti-bribery management system taking into account the context of the organization and aims to:
prevention, detection and fight against bribery;
compliance with anti-bribery legislation, international anti-bribery good practices or voluntary commitments;
compliance with the codes of ethics and business conduct;
minimizing the risks related to financial losses and criminal prosecution.
The standard addresses the following risk categories in relation to the organization's activities:
bribery in the public, private and non-profit sectors;
bribery by the organization;
bribery by the organization's staff;
bribery by business partners who act on behalf or for the benefit of the organization;
bribing the organization;
bribing the organization's staff in connection with the organization's activities;
bribing business partners in connection with the organization's activities;
direct and indirect bribery.
The bribery risks to which an organization is exposed vary depending on several factors - the size of the organization, the locations and sectors in which it operates, the nature and complexity of its activities.
Policies, procedures and measures
Depending on the risks identified, the organization will implement appropriate policies, procedures or measures and controls to combat bribery. ISO 37001 specifies measures and controls, but also guidelines for their implementation, such as:
- adopting and implementing an anti-bribery policy;
- application of the leadership principle (the management at the highest level must demonstrate commitment and responsibility regarding the anti-bribery management system);
- staff training;
- periodic evaluation of the risk of bribery;
- due diligence services for the organization's projects or business partners;
- implementing controls on the organization's staff to prevent bribery;
- requesting anti-bribery commitments from business partners;
- implementing procedures to prevent offering, making available or accepting gifts, hospitality, donations, etc. when they could be perceived as acts of bribery;
- implementing financial, commercial or contractual controls to reduce the risk of bribery;
- the implementation of reporting procedures to preserve confidentiality;
- the implementation of a process regarding the investigation and treatment of suspected or actual cases of bribery;
- implementation of corrective actions and continuous improvement.
ISO 37001:2016, structured according to the PDCA Cycle ("Plan-Do-Check-Act"), promotes the adoption of the process-based approach for the effective documentation, implementation and improvement of the anti-bribery management system. The procedural approach involves the systematic definition and management of the processes in the organization and the interactions between the processes in order to fulfill the objectives of the organization in accordance with the anti-bribery policy.