The International Organization for Standardization (ISO) recently published a new standard designed as a business tool to fight bribery. ISO 37001:2016, Anti-Bribery Management Systems - Requirements with guidance for use, is intended for organizations of all sizes to combat bribery risk within their own operations and among their global value chains. The American National Standards Institute (ANSI) is the U.S. member body to ISO and a participant in ISO Project Committee (PC) 278, Anti-bribery management systems, which developed the standard.
Designed by global businesses and stakeholders with an emphasis on operations and a risk-based approach, ISO 37001 specifies requirements and provides guidance for establishing, implementing, maintaining, reviewing, and improving an anti-bribery management system. The system can be stand-alone or can be integrated into an overall management system. ISO 37001 addresses the following in relation to the organization's activities:
Bribery in the public, private, and non-profit sectors;
Bribery by the organization;
Bribery by the organization's personnel acting on the organization's behalf or for its benefit;
Bribery by the organization's business associates acting on the organization's behalf or for its benefit;
Bribery of the organization;
Bribery of the organization's personnel in relation to the organization's activities;
Bribery of the organization's business associates in relation to the organization's activities;
Direct and indirect bribery (e.g., a bribe offered or accepted through or by a third party).
As U.S. Technical Advisory Group (TAG) to ISO PC 278 members recently reported in an article published by Ethisphere.com (page 30), the standard builds on guidance from various organizations, including the International Chamber of Commerce, the Organization for Economic Cooperation and Development, Transparency International, and various governments representing a global consensus on anti-bribery best practices.
While ISO 37001 has the potential to reduce corporate risk, it does not specifically address fraud, cartels, other anti-trust/competition offenses, money-laundering, or other activities related to corrupt practices, although an organization can choose to extend the scope of the management system to include such activities. The requirements of the standard are generic and intended to be applicable to all organizations, or parts of an organization, regardless of type, size, and nature of activity, and whether in the public, private, or non- profit sectors.
ISO PC 278 developed ISO 37001 through the collaborative work of 37 participant countries, including the United States, and with Secretariat leadership from BSI (UK).