“Bribery is a significant business risk in many countries and sectors,” says Neill Stansbury, Chair of ISO project committee ISO/PC 278 responsible for the new standard. “In many cases, it has been tolerated as a ‘necessary’ part of doing business. However, increasing awareness of the damage caused by bribery to countries, organizations and individuals has resulted in calls for effective action to be taken to prevent bribery.”

Many organizations have already invested significant time and resources into developing internal systems and processes for preventing bribery. ISO 37001:2016, Anti-bribery management systems – Requirements with guidance for use, is designed to support and broaden those efforts, while providing transparency and clarity on the measures and controls that organizations should be putting in place and how to implement them most effectively and efficiently.

ISO 37001 will help prevent, detect and deal with bribery, whether such bribery is by or on behalf of an organization or its employees or business associates. Using a series of related measures and controls, including supporting guidance, the anti-bribery management system specifies requirements for:

  • An anti-bribery policy and procedures
  • Top management leadership, commitment and responsibility
  • Oversight by a compliance manager or function
  • Anti-bribery training
  • Risk assessments and due diligence on projects and business associates
  • Financial, procurement, commercial and contractual controls
  • Reporting, monitoring, investigation, and review
  • Corrective action and continual improvement

Stansbury says that ISO 37001 has been developed to ensure flexible use by organizations of all sizes, wherever they may do business. “The bribery risk facing an organization varies according to factors such as the size of the organization, the countries and sectors in which the organization operates, and the nature, scale and complexity of the organization’s operations. Therefore, ISO 37001 specifies the implementation by the organization of reasonable and proportionate policies, procedures and controls.”

Organizations may choose to be certified to ISO 37001 by accredited third parties, to confirm that their anti-bribery management system meets the standard’s criteria. Although certification (or compliance) to ISO 37001 cannot provide assurance that no bribery has occurred or will take place in relation to an organization, the standard can help establish that the organization has implemented all appropriate measures designed to prevent bribery.

ISO 37001 builds on guidance from various organizations, such as the International Chamber of Commerce, the Organisation for Economic Cooperation and Development, Transparency International and various governments, representing a global consensus on anti-bribery good practices. It was developed by ISO project committee ISO/PC 278, Anti-bribery management systems, whose secretariat is held by BSI, the ISO member for the United Kingdom.