What are ISO 37001’s requirements ?
Part 1 – The first steps
By Jean-Pierre Méan
Published on Tuesday December 5, 2017
ISO 37001 reflects the development of anti-bribery practices in the advent of the introduction of corporate liability in the State parties to the OECD Convention. Its requirements are therefore not new to practitioners in the field. What is innovative about ISO 37001 is that it offers a structured and in-depth approach to anti-bribery which has not existed to the same extent before.
When starting to implement an anti-bribery management systems two preconditions are required to lay the groundwork for success. They are:
1. Leadership: also known as tone from the top. This is an essential element of any anti-bribery management system. In fact, research has shown that this is the one factor which has the most predictive impact on the success of anti-bribery measures. Leadership means that the Board of Directors or the Supervisory Board or whoever has the ultimate authority in an organization actively supports and promotes the implementation of the anti-bribery management system. There is more at play here than putting technical measures in place. What is required is a cultural change or reinforcement. Leadership further means that senior management must be fully committed and actively involved in putting the system in place with the support of, not a delegation to, the Compliance function. Leadership must be clearly and openly communicated. When an anti-bribery policy is adopted, middle (and part of senior) management will invariably wonder whether it is sincere or just window dressing. It is the leadership’s task to remove any doubt in this respect.
Leadership cannot be decreed. It emanates from a conviction. Either that conviction is there or it is not. If it is not, there is little likelihood of success.
2. A risk assessment: ISO 37001 is risk based, which means that its implementation must reflect the specific corruption risks to which an organization is exposed so as to scale the anti-bribery policy accordingly. This implies a good understanding of the context in which the organization operates including the following factors: size of its operations, structure, location(s), sector(s), nature of its activities, business model, controlled entities, business associates, extent of interactions with business officials and applicable statutory, regulatory, contractual and professional obligations and duties.
Do you want to contribute to the blog?
Please have a look at our Blog Guidelines
