The Fight Against Corruption Drove the Creation of ISO 37001

The fight against corruption drove the creation of ISO 37001. Published in October 2016, this standard sets the benchmark for bribery and corruption prevention for organizations doing business in international markets.

In business, it is essential for organizations to manage risks tied to the scope of their operations at a high level, and to design a compliance program suited to their needs. Corruption was identified as the most significant issue organizations face when operating in international markets. Failing to address it can result in reputational damage and heavy fines under both national and international law.

The Fight Against Corruption Drove the Creation of ISO 37001

Before this standard, it was useful for organizations to review the underlying factors that shape anti-corruption work. National and international legal frameworks and agreements share a common goal: preventing nationals of one country from giving bribes abroad, either directly or through intermediary firms. Relatedly, public bodies that maintain relationships with foreign partners need the knowledge and identification to manage the local legal risks those partners must comply with.

Speakers noted that the handling of corruption risk in business reflects the competitive priorities and legal capacity of the countries in which international companies are incorporated or publicly listed. The evolution of international legal frameworks and the increased enforcement power of lawmakers were identified as the key drivers behind the creation of the standard.

The standard was developed over two years by nearly 60 experts from about 30 countries. Because it is an internationally and locally reviewed standard, it is expected to replace supply chain corruption risk assessment surveys in the near future.

Organizations Should Be Prepared

The standard sends the following warnings to organizations regarding the competencies it defines.

If a business asks you for an ISO 37001 certificate, you must be sure either that the business itself holds one, or that its ethics and compliance programs meet world standards. Third-party risk assessment is one of the main competencies under this standard. Organizations should remember that they sit on both sides of this equation. The level of competence you bring to your role as an intermediary for international businesses is the same level of care you must apply to managing risk within your own supply chain. This core principle is what gives an effective ethics and compliance program its spirit.

Speakers also noted that the standard does not prescribe a list of measures and activities organizations must put in place. Rather, it calls for a mechanism that measures and manages risks in reasonable and proportionate ways. What counts as adequate will remain a matter of ongoing discussion. But every business operating in a commercial relationship generally shares a legal risk with its counterparts and manages it jointly. These relationships, and the mutual expectations that evolve over time, will shape industry conditions and make the definition of adequate easier to pin down.

The Standard's Foundation Is Built on Continuous Improvement

The key threat addressed by a compliance program is the fight against corruption. There is no single program template that fits every organization. Speakers stressed that ethics and compliance programs are concerned less with what a business produces and more with who produces it and how.

Speakers noted that not all of the gray areas in managing corruption risk can be removed at once, even under this standard, and that the learning and improvement process will continue. The compliance officer's primary insight is that the key quality of a program is the ability to keep learning, improving, and adapting. It should therefore not be surprising that this standard itself sits within a system designed to be learned and refined over time.

To follow current developments on ISO certification, ISO certification training, and ISO standards, please visit the Sistem Kalite website.