05 Jul 2016
A new global standard is being developed by the International Organisation for Standardisation on anti-bribery management systems, which is intended to help organisations fight bribery and promote an ethical business culture.
The new standard, IS0 37001, is likely to become a benchmark for anti-bribery systems and may influence how regulators evaluate corporate compliance programmes.
In this article, Neill Blundell, Partner and Head of the Fraud & Investigations Group at leading global law firm Eversheds, and Aisling O’Sullivan, an Associate in the Fraud and Investigations Group at Eversheds, examine the draft ISO 37001 and its implications.
Bribery and Corruption
Bribery and corruption is one of the world’s most destructive and challenging issues. The IMF estimates the annual cost of bribery is around $1.5 to $2 trillion, equating to 2% of global GDP. The real cost of bribery is much higher. It destroys jobs, stunts economic growth, sustains poverty and discourages investment. For companies, it poses a criminal, financial and reputational risk.
Whilst there is now a consensus that bribery and corruption are real risks to business, not all companies have been effective in promoting a culture designed to counter those risks. In an international study conducted by Eversheds LLP, 80% of 500 board level executives admitted to uncovering corrupt business practices in their organisation, despite anti-bribery laws now being prevalent across the world. Further, more than half of respondents (59%) said their company’s anti-bribery and corruption policies do not work effectively and only 32% said they understand them.
The future ISO 37001, entitled Anti-Bribery Management Systems, hopes to address these risks by specifying a series of measures to help organisations prevent, detect and address bribery.
ISO 37001 aims to provide a common international standard that recognises the processes implemented within organisations to prevent bribery and corruption. It is prescriptive: rather than giving guidelines, the standard stipulates a set of verifiable requirements whereby auditors will provide independent certification that an organisation has implemented reasonable and proportionate measures to prevent bribery.
Over 40 countries are participating in the drafting of ISO 37001 and, once published in late 2016, it will take account of internationally recognised good anti-bribery practices. The standard is designed to work across small, medium and large organisations, in all areas of business, including public, private and not-for-profit sectors.
Whilst the standard can be applied globally, organisations will not be obliged to conform with any part of the standard that is in conflict with or prohibited by applicable law.
ISO 37001 requires organisations to undertake a bribery risk assessment to identify, evaluate and respond to risks of bribery in addition to assessing the suitability and effectiveness of their existing controls. The evaluation component includes analysing the internal processes of the organisation’s structure and operations, but also more broadly considering conduct risk-based due diligence on business partners, suppliers or third parties with which the organisation deals. ISO 37001 could therefore become an efficient method of promoting anti-bribery compliance systems throughout the value chain.
In addition to requiring risk assessments, ISO 37001 also requires organisations to:
- implement an anti-bribery policy and programme;
- train employees appropriately;
- communicate the policy and programme throughout the organisation;
- conduct risk-based due diligence;
- demonstrate “tone from the top”;
- obtain third party compliance with anti-bribery controls;
- obtain employee compliance commitments;
- implement reporting channels (whilst protecting whistle-blowers);
- periodically review and improve anti-corruption compliance controls; and
- prohibit facilitation payments.
Whilst ISO 37001 will not eradicate bribery, it should ensure that organisations have the appropriate measures in place designed to prevent bribery. This is important not only for attracting business, as companies that gain certification will have an advantage over competitors, but also in allowing organisations to efficiently distinguish the standards of potential business partners.
It will also be advantageous to an organisation should they find themselves under investigation by a regulator for bribery or corruption. The standard will enable such organisations to show that they have taken the appropriate steps to avoid such wrongdoing which may help avoid prosecution or achieve a more favourable settlement. Under the Bribery Act 2010, an organisation that can prove it has adequate procedures in place to prevent bribery will have a defence to the section 7 corporate offence.
In our view ISO 37001 may experience some initial institutional caution as it has been drafted with little governmental influence, instead relying on a diverse range of international sources.. One potential issue is that the majority of requirements contain the annotation “as appropriate”. This affords a significant degree of discretion to the auditor as to how strictly this standard is to be applied, therefore creating potential inconsistency between standards. Another possible obstacle is that some countries may already have their own legal requirements that may conflict with ISO 37001, or indeed necessitate a higher level of compliance.
Certainly the global scope and universal application of the proposed ISO 37001 will create an easily recognised, ethical standard of business practice in relation to bribery and corruption. However, it will only be truly effective if the standard is enshrined not only in the internal processes of an organisation, but also embraced by all companies and clients with which the organisation deals. Whilst this may sound as if it would be difficult to achieve in practice, there are reasons to be optimistic that the standard could herald the start of a real change in culture: we note for example the attitude of the World Federation of Engineering Organisations, who have endorsed the view that independently certified compliance with ISO 37001 should be a pre-condition to obtaining work on major public sector contracts during the procurement process. It remains to be seen whether major institutions such as the World Bank and its affiliates will follow suit. Naturally, the extent to which countries and institutions use the standard will vary, particularly in the beginning. However, in our view the standard has the potential to encourage real growth in the global community of organisations committed to ethical business practice in this area.
Neill Blundell, is a Partner and Head of the Fraud & Investigations Group at leading global law firm, Eversheds. Neill is a highly experienced fraud and regulatory lawyer who is able to advise clients on the interface between business and regulatory practice and the criminal law. He has particular expertise in advising and representing individuals, corporate clients, professional firms and financial organisations in areas such as market abuse and insider dealing, corruption, money laundering, cartels and price fixing, extradition, bribery and criminal/regulatory compliance.
Aisling O’Sullivan, is an Associate in the Fraud and Investigations Group at Eversheds. Aisling handles a range of corporate crime matters for financial institutions and corporates and has experience in criminal and regulatory investigations. Before joining Eversheds, Aisling worked in the corporate and investment management division of a U.S. financial institution.
Corruption: costs and mitigation strategies http://www.imf.org/external/pubs/ft/sdn/2016/sdn1605.pdf
Beneath the surface: the business response to bribery and corruption 2016 http://www.eversheds.com/global/en/what/services/fraud-and-financial-crime/bribery-corruption-report-zmag.page?
Count reading this article to your CPD minutes, by signing up to our CPD WalletFREE CPD Wallet