ISO 37001 (Anti-bribery management systems – Requirements with guidance for use)

Overview

ISO 37001 has the normative global guideline of rational and balanced policies, procedures and control systems for corruption/bribery risks arising from all for-profit business/institutional activities and is designed to be applicable to any type of organization, small or large organizations, such as the public or private sector and non-profit sector.

• Global-level best practices that can also be applied to all companies/institutions/organizations in all countries or other jurisdictions (regions under jurisdiction)
• It specifically specifies the method/procedure/control process in which corruption risks should be approached reasonably in proportion to the risks of each area/department/(executive) employee
• Anti-corruption management systems can be operated independently, or can be operated under the integration of general management systems (ISO 37001 does not cover fraud, cartels, monopolies, money laundering or other corruption-related matters, but companies/institutions/organizations can choose by expanding the scope of their management systems to include these activities)
• Compliance-related ISO standards (e.g., ISO 19600:2014, Compliance Management Systems – Guidelines), Social Responsibility Activities (ISO 26000:2010, Compliance on Social Responsibility), Risk Management Principles (ISO 31000:2019, Risk Management Principles, etc.)

ISO 37001 Background

Based on the UK's BS 10500, the International Organization for Standardization (ISO 37001 Anti-Corruption Management Systems – Requirements with guidance, a standard guideline for anti-corruption management systems that can be used at the global level.
ISO adopted/announced ISO 37001 as an international standard guideline for anti-corruption management systems in October 2016, with a joint agreement from the international community, as the need for a global standard guideline for "punishment regulations" specified in advanced countries such as FCPA and UK bribery laws.
This standard was established to contribute to the establishment and maintenance of an appropriate management system for preventing corruption. Corruption is a great threat to the community, so consensus on its seriousness is widespread throughout society, and in particular, having a mechanism to prevent irrationality in decision-making due to corruption in a business environment where various interests conflict is essential for establishing a sound commercial order.
With this importance, the use of the "corruption prevention management system – requirements and guidelines" is expected to contribute to the anti-corruption stance by preventing corruption-related activities between the public and the private sector.

Composition of ISO 37001

ISO 37001 presents international standards applicable to all countries and organizations, and specifically specifies requirements for establishing policies and procedures that are reasonable for corruption and bribery risks, proportional to risks, and implementing internal controls. Although certification that meets the standard requirements does not guarantee that there will be no corruption and bribery issues in the future, it is evaluated as presenting a reasonable and risk-proportional approach to prevent, detect, and resolve corruption and bribery issues.
"A policy proportional to risk" means that risk assessment is an indispensable area for ISO 37001 certification and operation. Although the period of characteristics is not set for risk assessment, the organization should prepare for the annual evaluation, the need to evaluate and prioritize risk impact at the enterprise level, and the need to establish and operate control measures to mitigate risk.
In addition, monitoring procedures are needed to evaluate the established policies, procedures, and performance of implementation. Organizations need to manage documented monitoring frames and results, such as areas that require monitoring and measurement measures, selection of monitoring operations and managers, continuous monitoring enhancement (improvement of adequacy of measurement and analysis results), and decision of monitoring timing and results reporting lines. Through this, the effectiveness and efficiency of the anti-corruption management system are evaluated.

Composition of ISO 37001 Requirements

Effectiveness of introducing ISO 37001

• In the event of an investigation by the relevant authorities, it is possible to obtain data that can prove (evidence) that the organization has taken appropriate procedures and steps to minimize the risk of corruption.
• It can help implement an effective anti-corruption management system and strengthen the control measures currently held by the organization.
• It can give management, owners, investors, and business-related people confidence that the organization accepts and implements internationally recognized practices for effective anti-corruption control activities.
• It is possible to reduce loss of resources and tangible and intangible costs due to business suspension or corruption-related investigations and post-disposition due to bribery and corruption-related problems.
• Various stakeholders, including the government, client, investors, and civil society, can meet the anti-corruption measures and related requirements required by the organization and enhance trust.
• Corruption risks can be effectively identified and managed throughout the organization's business operation as well as throughout the supply chain.
• In a business environment where corruption issues are becoming increasingly important, it can give a compliance competitive advantage when conducting business.
• By expressing the organization's strong commitment to corruption issues internally and externally, it can be a fundamental element of its reputation and reputation as an ethical organization, and it can gain an image as an ethical company from internal and external stakeholders.