Earlier this year, Microsoft announced plans to adopt ISO 37001, the new international anti-bribery standard, across its operations. Speaking on behalf of the company, Judd Hesselroth, Programs Director in Microsoft’s Office of Legal Compliance, explains how the new standard equips organizations to strengthen their fight against bribery: “We think ISO 37001 is going to be an important tool for improving anti-corruption efforts.” So what is ISO 37001? Simply put, it is an anti-bribery standard that will assist organizations in implementing and maintaining an effective anti-bribery and corruption compliance programme and promoting an ethical business culture. ISO 37001 is welcome news for organizations operating internationally and may one day become mandatory for corporations as they partner with other organizations in international business. For Microsoft, ISO 37001 lays down a much needed “common language” to set global best practices for anti-bribery schemes, says Hesselroth. “It will provide any organization with a global benchmark to evaluate, improve or build its own anti-bribery programme. It will also give confidence to stakeholders (e.g. customers, suppliers, shareholders, etc.) that the organization has met that global benchmark.”
Apart from minimizing the risk of bribery and the financial loss it causes, ISO 37001 will help governments in at least a couple of ways, predicts Hesselroth. “It’s a resource that governments can leverage in their evaluation of anti-bribery programmes, and it gives governments an internationally recognized benchmark for anti-corruption programmes that they can encourage organizations to meet.”
According to Microsoft’s Legal Compliance Programs Director, the application of ISO 37001 can bring a competitive advantage to organizations of any size or structure, helping them to build trust and mitigate bribery risk. The fact that the standard will be consistent across borders is also very important for companies operating globally, says Hesselroth. “For larger organizations conducting business in a variety of geographies and jurisdictions around the world, ISO 37001’s global applicability and scalability are also really helpful.”
Gaps in the system
Corruption is a big drain on economic development. According to the World Bank, some USD 1.5 trillion are paid globally in bribes each year, a figure that dwarfs the value of economic assistance. “Getting business done” is one thing, but bribery has a much darker side: lack of competition, delivery of sub-standard goods and services, price distortions, and wasted foreign aid contributions. More than any other type of occupational fraud, bribery leads to substantial financial and reputational damage, according to the Association of Certified Fraud Examiners, the world’s largest anti-fraud organization and premier provider of anti-fraud training and education.
Bribery has been around for a very long time and the sums involved are huge. And while existing anti-bribery guidance has proven useful – namely in the forum of national anti-bribery legislations and a complex web of corporate policies – corruption is a cross-border problem and demands a common language to help solve it. That’s where ISO 37001 comes in. It defines, for the first time, a single internationally recognized set of measures addressing anti-bribery compliance. ISO 37001 provides a common ground where all global branches of an organization, no matter the location, have the same basis for compliance.
Call to combat
Developed with the participation of business and other stakeholders, and written in plain language, ISO 37001 is meant to be widely applicable to businesses of different sizes as well as public-sector entities and non-profits. It is also designed to integrate easily with existing management processes and other risk management schemes. The standard, which replaced British national standard BS 10500, provides a number of requirements that represent globally recognized good practice for anti-bribery. It builds on guidance from various organizations, such as the International Chamber of Commerce, the Organization for Economic Cooperation and Development, Transparency International and various governments representing a global consensus on anti-bribery leading practices. With the development of international efforts to combat bribery, an International Standard defining how organizations must address the issue was long overdue, says Jean-Pierre Méan, Leader of the task group that has day-to-day responsibility for the standard under the supervision of technical committee ISO/TC 309, Governance of organizations. “ISO 37001 has the vocation to fill that need and to become the global standard for anti-bribery management systems,” he says.
Many companies have already invested significant time and resources into developing internal systems and processes for preventing bribery. ISO 37001 is designed to support and broaden those efforts, while providing transparency and clarity on the measures and controls that companies should be putting in place and how to implement them most effectively and efficiently. Governments have also begun to show interest in the anti-bribery standard, with Singapore and Peru already endorsing ISO 37001 for use in public procurements. Other governments and multilateral financial bodies may soon follow suit, while several multinationals are considering the standard for their supply chain, especially those working with government.
The ISO 37001 difference
So what’s different about ISO 37001? The standard requires organizations to take a series of measures, proportionate to their circumstances, to prevent, uncover and address bribery. These include:
- Adopting an anti-bribery policy
- Appointing a compliance officer
- Vetting and training employees
- Undertaking risk assessments
- Implementing financial and commercial controls
- Instigating reporting and investigation procedures
- Communicating the policies, procedures and requirements to all staff, contractors, suppliers, and other third parties
Having an anti-bribery management system in place, such as ISO 37001, communicates the organization’s commitment to prevent bribery from occurring in its midst, explains Méan. “ISO 37001 creates clarity on the measures which may be reasonably expected from organizations to manage the bribery risk. It will make it possible to identify organizations that are serious about fighting bribery from those that are not.” Will compliance with the standard guarantee that no bribery has occurred? The answer is, unfortunately, that it cannot provide absolute assurance. However, as Méan explains, compliance with the new standard will help organizations ensure that they have appropriate measures in place designed to prevent bribery by, on behalf of, or against the organization, and may be taken into consideration by prosecutors should a bribery-related event occur.
A powerful tool
General consensus is that ISO 37001 has the potential to be a powerful tool for all organizations seeking to combat bribery risk in their own operations and throughout their global value chains. Fernando Cevallos, Forensic Services Partner at Deloitte, comments: “ISO 37001 is the international tool that assists organizations in demonstrating that they are taking seriously the fight against bribery and will also tell public officials and the private sector (society in general) that no bribes are allowed to be paid.” ISO 37001 is a flexible tool, which can be adapted to the size and nature of any organization and the bribery risk it faces. It also offers the opportunity for external certification and the chance for organizations to:
- Maximize financial gains or minimize financial losses to shareholders by creating controls, procedures and processes to mitigate bribery and corruption
- Create an anti-bribery culture for companies and public organizations
- Create a differentiating advantage among competitors and other government and non-profit organizations
- Increase the reputation of, and provide greater prestige and confidence to, the brand or public entity vis-à-vis society, clients and potential investors
- Strengthen the compliance programme and leverage it internationally to its subsidiaries and other third parties (i.e. suppliers, distributors, representatives, etc.)
- Provide the methodology to obtain the right evidence and documentation during internal investigations and establish the remediation plan according to the standard
Cevallos asserts that bribery is constantly requested at all levels in different ways, and ISO 37001 is the tool to prevent, mitigate and remediate it in all its many forms. “People are tired of suffering bribes and absorbing those costs and, in some cases, increasing the price to the end customer,” he says. “We all foot the bill, so now is the time to make a difference. Adopting the standard will not stop organizations from ever doing it, but it will make people think twice before promising, soliciting, offering, giving or receiving bribes.”
All for one, one for all
After being closely involved in the development of ISO 37001, Microsoft will seek certification from an independent and accredited third party to demonstrate that its anti-bribery programme satisfies the requirements of the standard. This means that an independent and accredited third party will perform a rigorous analysis of its programme and ensure that it satisfies the very specific requirements of the new standard. Microsoft is encouraging organizations, regardless of industry, to adopt the new standard. David Howard, Corporate Vice President & Deputy General Counsel, Litigation, Competition Law and Compliance, comments on Microsoft’s blog: “We encourage other major companies to adopt ISO 37001. We think a consistent approach to anti-corruption programmes is a good thing. That, along with an objective and independent certification process, should give governments around the world confidence that the companies which achieve certification are doing everything they reasonably can to reduce corruption.”
So are we anywhere closer than we were before? In just a short time, ISO 37001 seems to be gaining recognition as a viable mechanism in the fight against bribery, with businesses and governments welcoming and implementing it across their own operations and throughout their global value-added chains. For now, it is safe to conclude that commitment and action are the challenge in any organization and the key to effective anti-bribery management programmes. The new ISO standard gives corporates a set of tools by which to meet that challenge, but whether those tools are deployed effectively is a matter of real testing and assurance.