ISO37001: WHAT ORGANISATIONS NEED TO KNOW
The expectations and scrutiny around corporate anti-corruption compliance have just become sharper with the recent launch of ISO37001, an international anti-bribery management systems standard which redefines minimum requirements and supporting guidance for anti-bribery good practice. With authorities continuing their pursuit of corruption-related misconduct amid an increasing number of investigations and scandals emerging, especially in recent years, meeting regulators’ expectations continues to be a corporate-wide mandate whilst organisations navigate the challenge of managing risks inherent in their ever-expanding supply chains.
This page has been put together by the team at ethiXbase to provide guidance following a review of useful resources, which can be found below. It also provides information on how ethiXbase can help your organisation satisfy ISO 37001 compliance requirements. Read on to understand how your organisation can look to ISO37001 for guidance and start taking a proactive, disciplined and consistent approach to assessing and managing corruption risk and documenting compliance efforts.
ISO37001: AN OVERVIEW
Launched on October 14th 2016, ISO 37001 is an anti-bribery management systems standard designed to help an organisation establish, implement, maintain and improve its anti-bribery compliance program. It is an ISO-certifiable standard that organisations can choose to undertake, and it includes a series of measures an organisation must implement that represent globally recognised anti-bribery good practice.
Driven by a risk-based approach, ISO 37001 can enable companies to make better informed decisions about business partners and third parties, by understanding the risks present in their value chains and proactively managing them.
Who can use ISO37001?
ISO 37001 is a flexible tool that can be used by any organization, large or small, whether it be in the public, private or voluntary sector, and in any country. It can be adapted according to the size and nature of the organisation and the bribery risk it faces.
ISO 37001 is an optional tool, and certification under it does not guarantee that bribery has not occurred or will not take place in relation to an organisation. However, compliance with the standard can demonstrate that an organisation has undertaken appropriate measures to prevent bribery.
ISO37001: A CHECKLIST
How can your organisation work towards ISO 37001 compliance? Read this checklist which outlines some of the key measures required under ISO37001.
Please visit the ISO website for guidance on all the measures required under ISO 37001.
SOME KEY REQUIREMENTS – CHECKLIST
- Does your organisation undertake and review bribery risk assessment(s) on a regular basis and have a clear understanding of all corruption risks within your supply chain?
- Does your organisation maintain documented information demonstrating that bribery risk assessment(s) have been conducted?
- Does your organisation actively manage third party risk and apply a consistent risk-based approach to third party review and due diligence?
- Is the level of due diligence undertaken commensurate with the level of risk?
- Are anti-bribery policies and procedures reviewed periodically and compliance controls tested regularly?
- Are review methods and results of anti-bribery performance documented and retained as evidence?
- Are third party business partners monitored on an ongoing basis commensurate with their risk profile?
- Does your organisation currently have a consistent anti-bribery program along with clear policies outlining acceptable conduct? Are these anti-bribery policies communicated within your organisation and to business associates (third parties)?
- Is your anti-bribery policy available as documented information, and made accessible to relevant stakeholders, as appropriate?
- Do you control gifts, hospitality, donations and similar benefits to ensure that they do not have a corrupt purpose; and clearly communicate gift-giving policies internally and externally?
- Does your business demonstrate commitment to anti-corruption goals by providing periodic training to staff, management and third parties to ensure that global and local anti-corruption requirements, regulatory changes and any updates in your organisation’s anti-bribery program and policies are understood and adhered to?
- If you have an anti-bribery program as well as policies in place, are these clearly communicated and understood across all levels of your organisation, and within your business networks? How are these communicated? Is this tracked?
Reporting and investigation procedures for suspected and actual bribery
- Are there procedures which require assessment and, where appropriate, investigation of bribery or breach of the anti-bribery policy, which is reported, detected or reasonably suspected?
- Do you encourage the use of reporting procedures for suspected and actual bribery, such as through the implementation of whistleblowing procedures?
- Are there procedures which require appropriate action in the event the investigation reveals bribery, or breach of the anti-bribery policy?
HOW ETHIXBASE CAN HELP
Aimed at helping organisations leverage ISO37001 for anti-corruption compliance and business success, ethiXbase offers the following solutions to assist organisations in their efforts to achieve goals under ISO37001 measures. ethiXbase supports organisations, no matter their size or budget, to achieve effective compliance and manage third party risks through cost-effective due diligence, ongoing monitoring, ethics and compliance communications and anti-corruption training and education.
Assessment of bribery risk and conducting risk-based due diligence
ethiXbase offers cost-effective and risk-proportionate anti-corruption due diligence options that match an organisation’s corruption and third party risk exposure and business needs. Conduct free instant and ongoing due diligence on 100% of your third parties with the ethiXbase 2.0 Third Party Compliance platform and escalate higher risk third parties through market-leading workflows as and when required.
Online due diligence covers not only sanctions and enforcements but also politically exposed persons and adverse media related to specific risk areas such as corruption, financial crime, criminality, human rights and environmental crimes.
Monitoring, measurement, analysis and evaluation
ethiXbase 2.0 offers ongoing monitoring of third party risk beyond the onboarding stage, allowing you to save third parties for daily ongoing monitoring and reporting on third party compliance. Should a third party’s risk profile change over time, the system is also set up with inbuilt market-leading escalation workflows to ensure any changes in a third party’s risk profile are investigated, so that you have the intelligence to review the impact on your business.
Register for free access to the ethiXbase 2.0 Third Party Compliance Platform
Communicating anti-bribery programs and policies to third parties
The ethiXbase 2.0 Third Party Compliance platform facilitates the communication of important compliance and policy information to your third parties along with regular ethics and anti-corruption content. Benefit from a full audit trail of communications sent, opened, and attested to.
Learn more about the ethiXbase 2.0 Third Party Compliance platform
ethiXbase offers customisable training programs as part of the Ethical Alliance Corporate Anti-Corruption Program to ensure your organisation’s employees, management and third parties are up to date on required anti-corruption compliance standards such as the Foreign Corrupt Practices Act (FCPA) and UK Bribery Act (UKBA), local laws and regulations, and your organisation’s own standards, codes and policies.
Learn more about customisable ethics and anti-corruption training with the Ethical Alliance Corporate Anti-Corruption Program
The following is a list of reference material published by ISO on ISO 37001: