Reasons why the ISO Standard makes sense
All companies have put in place anti-corruption programmes to comply with applicable regulations, including FCPA, UK Bribery Act, French Loi Sapin 2…
The key word in the ISO 37001 Anti-bribery Management Systems standard is actually the word “System”. In addition to the programmes that exist to ensure you comply with the regulations you have identified, the System will actually ensure you do the following:
- Regularly review the context of your organisation: “you have a new subsidiary in the UK, you need to make sure to comply with the UK Bribery Act”, “you develop a new business model involving distributors: you have to include those in your anti-bribery risk analysis”
- Review your risk analysis annually, define yearly objectives for your anti-bribery management system (e.g. % of suppliers needing Due Diligence, turnaround time of investigations, % of employees trained in each employee category…), measure them and take action if they have not been achieved!
- Have a system to organise your procedures and keep records (this can be useful the day you need to demonstrate you have taken the appropriate steps when you are under investigation)
- Carry out an annual Top Management Review and an internal audit programme to ensure continuous improvement of your system: identify gaps either in your procedures or in their actual implementation, and ensure not only that they are corrected on time, but also that you have treated the root cause of the issue with the appropriate corrective action, so that it doesn’t happen again
Once again, having a system doesn’t prevent one individual occurrence (and this is one of the criticisms of the ISO 9001 Quality Management System). However, when it is properly implemented and reviewed/certified by qualified external third parties, it ensures that you continuously learn from the issues you have identified and prevent further issues arising in your organisation.