It is a lovely Thursday morning in October and I am looking out at the Thames, St Katharine’s Dock and the Tower of London. I am attending the launch of the new Anti-Bribery Management Systems Standard - an internationally recognised set of measures to prevent and detect bribery - also known as ISO37001-2016, hosted by Mazars. I wanted to share with you news about the Standard as I believe based on those attending and presenting at the event that it is a game changer in the campaign to eradicate bribery across the globe.
Bribery is one of the most destructive and complex problems of our times, and despite national and international efforts to combat it, it remains widespread. This was highlighted by a recent Panorama programme on the BBC. According to OECD With over US$ 1 trillion paid in bribes each year, the consequences are catastrophic, reducing quality of life, increasing poverty and eroding public trust. Yet despite efforts on national and international levels to tackle bribery, it remains a significant issue.
Recognising this, International Organization for Standardization (ISO) has developed a new Standard to help organisations fight bribery and promote an ethical business culture.
‘Corruption is the greatest obstacle to reducing poverty’ (The World Bank)
Adopting the international standards isn’t compulsory but in some market sectors it provides competitive advantage. 20 years ago, according to the ISO, bribery was part of doing business the challenge now is to convert the theory of the Anti-Bribery legislation and the ISO Anti-Bribery Standard into good business practice.
Anti-bribery is not anti-corruption but conformance to the new Standard will go a long way towards enhancing an organisation’s reputation. Although the ISO 37001 Standard closely resembles existing anti-bribery and corruption guidance in some respects, it sets out for the first time an internationally agreed-upon set of procedures. Companies can use and understand this Standard when doing business with suppliers around the world. At a practical level, it will be universal shorthand for ‘we are OK to do business with’.
The Standard is designed to help organisations implement an anti-bribery management system, or enhance the controls currently in place. It helps to reduce the risk of bribery occurring and can demonstrate to your stakeholders that you have put in place internationally recognised good-practice anti-bribery controls.
ISO 37001-2016 can be used by any organisation, large or small, whether it be in the public, private or voluntary sector, and in any country. It is a flexible tool, which can be adapted according to the size and nature of the organisation and the bribery risk it faces. It is a high Standard but totally achievable in that it is a reasonable proportionate measure relevant to each organisation dependent upon size and market sector.
The Standard specifies a series of measures to help organisations prevent, detect and address bribery. These include adopting an anti-bribery policy, appointing a person to oversee anti-bribery compliance, training, risk assessments and due diligence on projects and business associates, implementing financial and commercial controls, and instituting reporting and investigation procedures.
Poor governance creates risks for companies, particularly since the introduction of the UK’s Bribery Act in 2010. The Act defined bribery as the receiving or offering/giving of any benefit by or to any public servant or officeholder or to a director or employee of a private organisation to induce that person to give improper assistance in breach of his or her duty.
In effect the Standard builds on the work organisations did to embed the Anti-Bribery legislation when it came into force in 2011. Furthermore, the due diligence element of the Standard will impact on the supplier chain dependent upon the sector your organisation is operating in.
Bribery prevention is increasingly seen as a management issue so anti-bribery is about good management and good controls and also talks to the culture of your organisation with regard to integrity and ethical values.
The work required by organisations, risk teams and internal auditors in order to comply included e.g. creation of a policy, creation of procedures, training programmes, and a health-check included in the annual internal audit programme.
Although the new Standard won’t be adopted by all organisations it will be essential to those organisations high-risk sectors or high-risk geographical areas. If the Standard is adopted by your organisation then there is an opportunity for internal audit to work with senior management and the risk team to ensure successful accreditation. For example internal audit may be asked to:
Internal audit should understand the attitude and tolerance of the board and executive management toward bribery risks, assess whether that attitude is sufficiently restrictive, and validate that this attitude has been adequately communicated throughout the organisation i.e. is the tone from the top appropriate. As such, internal audit should scrutinize the governance structure and the monitoring and oversight responsibilities related to anti-bribery programmes.
According to Ethics Intelligence the Standard brings three advantages.