ISO 37001:2016 Anti-bribery management systems — Requirements with guidance for use is provides a framework for establishing, implementing, maintaining, and continually improving an anti-bribery management system. It can be used by any organization, large or small, whether it be in the public, private or voluntary sector, and in any country. The standard covers bribery by, or of:
- the organization;
- the organization’s personnel acting on the organization’s behalf or for its benefit;
- the organization’s business associates acting on the organization’s behalf or for its benefit;
- the organization’s business associates in relation to the organization’s activities;
- direct and indirect bribery (e.g. a bribe offered or accepted through or by a third party).
ISO 37001 is a flexible tool that can be adapted according to the size and nature of the organization and the bribery risk it faces. It sets out requirements and provides guidance for a management system designed to help an organization to prevent, detect and respond to bribery and comply with anti-bribery laws and voluntary commitments applicable to its activities.
The standard does not specifically address fraud, cartels and other anti-trust/competition offences, money-laundering or other activities related to corrupt practices, although an organization can choose to extend the scope of the management system to include such activities.
Table of Contents
Introduction |
1 Scope |
2 Normative references |
3 Terms and definitions |
4 Context of the organization |
4.1 Understanding the organization and its context |
4.2 Understanding the needs and expectations of stakeholders |
4.3 Determining the scope of the anti-bribery management system |
4.4 Anti-bribery management system |
4.5 Bribery risk assessment |
5 Leadership |
5.1 Leadership and commitment |
5.2 Anti-bribery policy |
5.3 Organizational roles, responsibilities and authorities |
6 Planning |
6.1 Actions to address risks and opportunities |
6.2 Anti-bribery objectives and planning to achieve them |
7 Support |
7.1 Resources |
7.2 Competence |
7.3 Awareness and training |
7.4 Communication |
7.5 Documented information |
8 Operation |
8.1 Operational planning and control |
8.2 Due diligence |
8.3 Financial controls |
8.4 Non-financial controls |
8.5 Implementation of anti-bribery controls by controlled organizations and by business associates |
8.6 Anti-bribery commitments |
8.7 Gifts, hospitality, donations and similar benefits |
8.8 Managing inadequacy of anti-bribery controls |
8.9 Raising concerns |
8.10 Investigating and dealing with bribery |
9 Performance evaluation |
9.1 Monitoring, measurement, analysis and evaluation |
9.2 Internal audit |
9.3 Management review |
9.4 Review by anti-bribery compliance function |
10 Improvement |
10.1 Nonconformity and corrective action |
10.2 Continual improvement |
Annex A Guidance on the use of this document |
A.1 General |
A.2 Scope of the anti-bribery management system |
A.3 Reasonable and proportionate |
A.4 Bribery risk assessment |
A.5 Roles and responsibilities of governing body and top management |
A.6 Anti-bribery compliance function |
A.7 Resources |
A.8 Employment procedures |
A.9 Awareness and training |
A.10 Due diligence |
A.11 Financial controls |
A.12 Non-financial controls |
A.13 Implementation of the anti-bribery management system by controlled organizations and by business associates |
A.14 Anti-bribery commitments |
A.15 Gifts, hospitality, donations and similar benefits |
A.16 Internal audit |
A.17 Documented information |
A.18 Investigating and dealing with bribery |
A.19 Monitoring |
A.20 Planning and implementing changes to the anti-bribery management system |
A.21 Public officials |
A.22 Anti-bribery initiatives |
Implementation
Implementing an Anti-Bribery Management System (ABMS) in an organization in conformity with ISO 37001 involves several key steps.
Here are those steps.
Leadership and Commitment
- Obtain leadership commitment and support for the implementation of the ABMS.
- Establish a clear anti-bribery policy and communicate it throughout the organization.
Risk Assessment
- Conduct a thorough risk assessment to identify and evaluate bribery risks that the organization may face.
- Assess the likelihood and potential impact of bribery in different areas of the business.
Legal and Other Requirements
- Identify and ensure compliance with relevant legal and regulatory requirements related to anti-bribery.
- Consider international conventions and applicable laws in different jurisdictions.
Anti-Bribery Policy and Objectives
- Develop an anti-bribery policy that aligns with the organization’s objectives.
- Set measurable objectives to support the policy and facilitate continuous improvement.
Organizational Structure, Roles and Responsibilities
- Define the organizational structure for anti-bribery management.
- Allocate roles and responsibilities to ensure effective implementation and maintenance of the ABMS.
Competence and Training
- Identify the competencies required for personnel involved in anti-bribery efforts.
- Develop and implement training programs to ensure personnel have the necessary skills.
Communication
- Establish effective communication processes to raise awareness of the anti-bribery policy.
- Ensure that relevant information is communicated to all levels of the organization.
Documentation and Information Management
- Develop and maintain documentation that supports the ABMS.
- Implement information management processes to ensure data integrity and accessibility.
Due Diligence Processes
- Establish due diligence processes for evaluating and selecting business partners, suppliers, and other third parties.
- Assess the risk of bribery associated with external entities.
Financial and Commercial Controls
- Implement financial and commercial controls to prevent and detect bribery.
- Ensure transparency and accuracy in financial reporting.
Reporting and Investigation
- Establish a reporting mechanism for employees to report suspected or actual cases of bribery.
- Implement a process for investigating reported incidents and taking appropriate actions.
Whistleblower Protection
- Develop measures to protect whistleblowers from retaliation.
- Ensure confidentiality and anonymity for individuals reporting bribery.
Corrective Actions and Continual Improvement
- Implement corrective actions to address identified weaknesses and areas of non-compliance.
- Continually monitor and improve the ABMS.
Monitoring and Measurement
- Establish key performance indicators (KPIs) to monitor the effectiveness of the ABMS.
- Regularly measure and evaluate performance against established KPIs.
Internal Audits
- Conduct regular internal audits to assess the compliance of the ABMS with ISO 37001.
- Identify areas for improvement through the audit process.
Management Review
- Conduct regular management reviews to assess the overall performance of the ABMS.
- Identify opportunities for improvement and make strategic decisions to enhance the system.
Certification
- Consider seeking certification from a recognized certification body to demonstrate conformity with ISO 37001.
- Prepare for external audits as part of the certification process.
Documentation and Record Keeping
Establish processes for document control and record keeping to demonstrate compliance with ISO 37001 requirements.
In conclusion…
It is important to note that the implementation of an ABMS is an ongoing process, and organizations should continually monitor, evaluate, and improve their systems to ensure they remain effective in preventing and detecting bribery within the organization.
Comments (0)