What are ISO 37001’s requirements ?
Part 2 – Putting the system in place
By Jean-Pierre Méan
Published on Tuesday December 19, 2017
To start putting the anti-bribery management system in place, the first thing to do is to issue an anti-bribery policy.
This policy should include a prohibition of bribery and a commitment to comply with all applicable anti-bribery laws. It should be tailored to the organization, provide a framework for achieving anti-bribery objectives and include commitments to satisfy anti-bribery management system requirements and to continual improvement. It should encourage raising concerns and explain the role of the Anti-Bribery Compliance Function as well as the consequences of not complying with the anti-bribery policy.
The policy should be available to stakeholders and be communicated directly to all personnel and business associates who pose more than a low bribery risk. It should be translated in all appropriate languages.
The policy should be complemented by procedures on gifts, hospitality, donations and similar benefits since these items can be used as a subterfuge for bribery.
Procedures need also to be implemented that permit to raise concerns and obtain advice in confidence and without fear of retaliation. Anonymous reporting should be allowed.
Although the implementation of the anti-bribery policy is the responsibility of all personnel (including directors, officers and all staff), an Anti-Bribery Compliance Function must be entrusted with overseeing the implementation of the policy, providing advice and guidance, ensuring that the anti-bribery management system conforms with the requirements of ISO 37001 and reporting to top management and to the Board of Directors.
The Anti-Compliance Function must be adequately resourced with persons who have the appropriate competence, status, authority and independence. It must have direct access to top management and to the Board of Directors or to the appropriate committee of the Board.
The communication of the anti-bribery policy must be complemented by training enabling personnel to understand better the anti-bribery policy, the anti-bribery risks, the circumstances in which bribery can occur in relation to their duties, how they can respond to solicitations or offers of bribes, how they can avoid bribery and contribute to the effectiveness of the anti-bribery management system, how they are able to report concerns and what are the implications of not confirming with the anti-bribery management systems requirements.
Training must be provided on a regular basis to personnel and to business associates acting on behalf or for the benefit of the organization and who could pose more than a low bribery risk.
Do you want to contribute to the blog?
Please have a look at our Blog Guidelines
