Microsoft and Wal-Mart recently announced that their organizations recognize the value of having a uniform international standard across their organizations to combat bribery, and will now be seeking ISO 37001 Certification ("Certification"). ISO 37001 is the new international standard (the "Standard") designed to help organizations implement an anti-bribery management system. Certification can be used as a management tool by the company, administration or association as part of its overall corruption prevention strategy.

But, who should have it?

  • It is appropriate for an organization that has no corruption prevention system in place, but would like one.
  • It is equally appropriate for those organizations which do have an anti-corruption compliance program, but who wish to identify any weaknesses and implement improvements in order to meet international best practices standards.

The Standard addresses bribery in all its forms whether carried out by the organization, the organization's personnel acting on its behalf, or the organization's business associates working on its behalf or for its benefit. It also addresses passive corruption by the organization as well as direct and indirect bribery. It does not, however, address fraud, cartel or other broader issues.

As is the case with the other management system standards, ISO 37001 requires that organizations design and implement an anti-corruption compliance program appropriate to their specific risk. As we discussed in our previous post, the US Department of Justice supports the view that an organization must operationalize its compliance program. Following that process, a company should undergo a corruption risk assessment by evaluating an organization's compliance program against the recent US DOJ guidance.

Because the Standard is based on a risk assessment, it can be applied to any organization. It is flexible enough to be adapted to organizations of all sizes: large or small companies, national administrations or administrative services and local or international non-governmental organizations. The Standard is also a useful tool against which your program can be benchmarked, perform a gap analysis, or assist internal auditors in evaluating a compliance program.

While obtaining Certification represents only a fraction of the cost of designing, implementing and verifying an anti-corruption compliance program, it transforms this cost into an important investment on a number of fronts:

  • lowers the risk of corruption and can reduce company liability in the event of corruption by an employee, partner, etc.
  • offers proof to insurance companies that cover investigations for FCPA and SEC violations that compliance programs have been properly designed and implemented, thus effectively lowering company liability risk and, consequently, insurance premiums
  • distinguishes the company from competitors; and
  • reassures not only investors but themselves on the quality of their programs.

Just as critical... during an investigation or a prosecution, Certification can provide judicial authorities with externally-verified evidence of the concrete steps taken by a company to prevent corruption – saving the company headaches and dollars.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.