
ISO 37001:2016
Anti-bribery Management System
WHITE PAPER

Background and overview to the ISO 37001:2016

An anti-bribery management system is designed to instil an anti-bribery culture within an organization and implement appropriate controls, which will in turn increase the chance of detecting bribery and reduce its incidence in the first place.

ISO 37001, Anti-bribery management systems – Requirements with guidance for use, gives the requirements and guidance for establishing, implementing, maintaining and improving an anti-bribery management system. The system can be independent of, or integrated into, an overall management system.

It covers bribery in the public, private and not-for-profit sectors, including bribery by and against an organization or its staff, and bribes paid or received through or by a third party. The bribery can take place anywhere, be of any value and can involve financial or non-financial advantages or benefits.

An anti-bribery management system is a closed-loop control architecture that establishes, implements, maintains, reviews and improves management strategies and objectives addressing the specific requirements of the ISO 37001 standard. Although organizations differ in nature, the standard addresses management objectives for the prevention of bribery in these contexts:

  • Bribery in the public, private and not-for-profit sectors
  • Bribery by the organization
  • Bribery by the organization’s personnel acting on the organization’s behalf or for its benefit
  • Bribery by the organization’s business associates acting on the organization’s behalf or for its benefit
  • Bribery of the organization
  • Bribery of the organization’s personnel in relation to the organization’s activities
  • Bribery of the organization’s business associates in relation to the organization’s activities
  • Direct and indirect bribery

ISO 37001:2016 clauses

Key clauses of ISO 37001:2016

Key Areas

New ISO 37001:2016 Standard

The core elements of an anti-bribery and corruption compliance program in accordance with ISO 37001

Clause 4 - Context of the organization

Including understanding the organization, expectations of stakeholders, strategy, system and risk assessment

Clause 5 - Leadership

Including governing body, anti-bribery policy, compliance function, roles and responsibilities

Clause 6 - Planning

Including actions to address risks and opportunities, ABC-compliance objectives and planning of activities

Clause 7 - Support

Including resources, competences, awareness and training, communication and documentation

PDCA Cycle

ISO 37001:2016 Environment

PLAN

Identify anti-bribery obligations and evaluate compliance risks in order to develop a strategy, including measures to address any issues

DO

Implement measures and establish mechanisms to monitor their effectiveness

CHECK

Review the anti-bribery management program on the basis of the controls implemented

ACT

Review and improve the program continually, ensuring cases of non-compliance are monitored and examined

ISO 37001 Links

Integration with other management systems

Link between ISO 37001:2016 and other standards

The organization can choose whether to implement the Anti-bribery Management System as a separate system or as an integrated part of an overall compliance management system. In the latter case, the organization can refer to ISO 19600 for guidance. This International Standard can stand alone or it can be integrated with other existing management systems such as Quality Management System, Environmental and Safety Management System (ISO 9001, ISO 14001, ISO 27001 and ISO 22301).

Requirements                  ISO 37001:2016  ISO 9001:2015  ISO 14001:2015  ISO 27001:2013  ISO 22301:2012
Management System Objectives  6.2             6.2            6.2             6.2             6.2
Management System Policy      5.2             5.2            5.2             5.2             5.3
Leadership and Commitment     5.1             5.1            5.1             5.1             5.2
Documented information        7.5             7.5            7.5             7.5             7.5
Internal Audit                9.2             9.2            9.2             9.2             9.2
Continual Improvement         10.2            10.3           10.2            10.2            10
Management Review             9.3             9.3            9.3             9.3             9.3

Benefits

ISO 37001: What are the benefits?

Anti-bribery Management System - the Business Benefits

Implementing an anti-bribery management system requires leadership and input from top management, and the policy and programme must be communicated to all staff and external parties such as contractors, suppliers and joint venture partners.

ISO 37001 is designed to help your organization implement an anti-bribery management system or enhance the controls you currently have. It requires implementing a series of measures such as adopting an anti-bribery policy, appointing someone to oversee compliance with that policy, vetting and training employees, undertaking risk assessments on projects and business associates, implementing financial and commercial controls, and instituting reporting and investigation procedures.

In this way, it helps to reduce the risk of bribery occurring and can demonstrate to your management, employees, owners, funders, customers and other business associates that you have put in place internationally recognized good-practice anti-bribery controls. It can also provide evidence in the event of a criminal investigation that you have taken reasonable steps to prevent bribery.

Some of the key business benefits of adopting ISO 37001:

  • Prevent, detect and address bribery risks
  • Increase international recognition
  • Prevent conflict of interest
  • Reduce costs
  • Promote an anti-bribery culture

ISO 37001 Certification

Certification Steps

Certification of Organizations

The usual path for an organization that wishes to be certified against ISO 37001 is the following:

1. Implementation of the management system:

Before being audited, a management system must be in operation for some time. Usually, the minimum time required by the certification bodies is 3 months.

2. Internal audit and review by top management:

Before a management system can be certified, it must have had at least one internal audit report and one management review.

3. Selection of the certification body (registrar):

Each organization can select the certification body (registrar) of its choice.

4. Pre-assessment audit (optional):

An organization can choose to perform a pre-audit to identify any possible gap between its current management system and the requirements of the standard.

5. Stage 1 audit:

A conformity review of the design of the management system. The main objective is to verify that the management system is designed to meet the requirements of the standard(s) and the objectives of the organization. It is recommended that at least some portion of the Stage 1 audit should be performed on-site at the organization’s premises.

6. Stage 2 audit (On-site visit):

The Stage 2 audit objective is to evaluate whether the declared management system conforms to all requirements of the standard, is actually being implemented in the organization and can support the organization in achieving its objectives. Stage 2 takes place at the organization’s site(s) where the management system is implemented.

7. Follow-up audit (optional):

If the auditee has non-conformities that require an additional audit before being certified, the auditor will perform a follow-up visit to validate only the action plans linked to the non-conformities (usually one day).

8. Confirmation of registration:

If the organization is compliant with the conditions of the standard, the Registrar confirms the registration and publishes the certificate.

9. Continual improvement and surveillance audits:

Once an organization is registered, surveillance activities are conducted by the Certification Body to ensure that the management system still complies with the standard. The surveillance activities must include on-site visits (at least 1 per year) that allow verifying the conformity of the certified client’s management system and can also include: investigations following a complaint, review of a website, a written request for follow-up, etc.

GABRIEL REGISTRAR
