What to Watch out for Concerning the ISO 37001 Anti-Corruption Standard
An overview of the ISO 37001 anti-corruption guideline, the requirements for companies and tips for implementation.
Ethical conduct and corruption prevention should be central pillars for all companies and organisations. After all, those who act ethically not only reduce the risk of criminal prosecution and high fines but also create trust among employees and customers while simultaneously strengthening their own reputation. Certification to the ISO 37001 anti-corruption guideline allows companies and organisations to demonstrate their commitment to anti-corruption and strong compliance.
In this article, we have compiled the most important information regarding ISO 37001 as well as explaining the requirements for companies to fulfill the certification along with implementation tips.
ISO 37001: What is it?
ISO 37001 is a certification standard for anti-corruption management systems that has been in place since October 2016 and endorsed by 37 countries worldwide. The standard sets out the requirements for an anti-corruption management system and provides guidelines for setting up, implementing and maintaining the system as well as including measures for review and improvement. ISO 37001 can be applied in small and medium-sized enterprises as well as in foundations, associations, public authorities and international corporations.
The standard is based on existing laws and guidelines for the prevention of corruption such as the British Anti-Bribery Act. On this basis, cross-sectoral guidelines were developed that are applied internationally with 28 countries involved in the development.
What are the essential requirements?
To obtain ISO 37001 certification, companies and organisations must adopt a number of compliance measures for anti-corruption management. These include:
- Implementing a compliance and anti-corruption policy along with associated processes within the company.
- Embedding and exemplifying ethical behaviour at the top management level.
- The introduction of a compliance function in the form of a compliance officer with clearly defined tasks and responsibilities.
- The training of all company employees in the form of anti-corruption training. Depending on the position and responsibilities, such training should be repeated on a regular basis so employees stay up to date.
- Control in the areas of finance and contract management.
- The monitoring and evaluation of collected data on anti-corruption management. Regular controlling and evaluations ensure that the programme is both up to date and efficient while revealing potential weaknesses internally before breaches occur.
- The ongoing continuation of compliance measures. Due to the fact that legal situations and corporate governance can evolve, the programme must be regularly reviewed, adapted and improved.
Who can be certified and who carries out the certification?
ISO 37001 can be applied on a broad and cross-sectoral basis. Both owner-managed small businesses, organisations and institutions as well as public authorities and international corporations can seek certification. Awarded following an audit, it must be carried out by an independent body which has to be recognised by a certification body freely chosen by the organisation. An internal audit would not be sufficient. Once the independent audit is carried out successfully, the certification is valid for three years and must be reviewed annually after that period.
A whistleblowing system as an anti-corruption measure
As well as the tone from the top (i.e., setting an example of ethical behaviour and compliance at top management level), training employees, formulating an anti-corruption programme and the establishment of effective processes are the core elements for ISO 37001 certification.
The establishment of an electronic whistleblowing system is particularly suitable for this. When it comes to internationally operational corporations and organisations, digital solutions are best suited as they can be accessed around the clock and from any location. Digital whistleblowing solutions can also be set up in many different languages and are often barrier-free.
With the help of the reporting system, employees can – anonymously if they wish – provide information on grievances, corruption, abuse of authority or discrimination. The advantage: by first reporting on and solving problems internally, the risk of an employee contacting the investigating authorities or the media is reduced, as are the chances of the organisation experiencing investigations, fines or enormous reputational damage. As a result, problems can be resolved at an early stage before criminal offences occur. Therefore, whistleblowing systems also serve to minimise corporate risks.
Through the use of an anonymous reporting function, the chances increase that serious and valuable reports will be received. Anonymity provides employees with a degree of security in the reporting process which can prove psychologically stressful for whistleblowers. The introduction of a whistleblower system therefore strengthens organisations internally in their compliance efforts and heightens their chances of a successful ISO 37001 certification.
From establishing appropriate rules, defining procedures and responsibilities, to internal communication and employee training