ISO 37001: Let’s Talk Specifics

Some, though certainly not all, of the dust has settled since ISO 37001 published last fall. As compliance professionals grapple with the new standard, we thought it would be interesting to use the power of social media to seek input from our readers on ISO 37001 now that everyone has had some time to get better acquainted.

Such polarizing opinions on a topic makes for a perfect opportunity to bring the community together for discussion.

As cited by Compliance Week, the opinions on ISO 37001 run the gamut from “…we don’t need another standard in anti-bribery” to the standard signaling “a ‘coming-of-age moment’ for the anti-corruption compliance space.” Such polarizing opinions on a topic makes for a perfect opportunity to bring the community together for discussion. So let’s do that. 

Read More: ISO 37001 - Anti-Bribery Management Systems Standard

Points for Discussion

1. By the Industry for the Industry

ISO 37001 was drafted with input from hundreds of experts across 56 countries and seven liaison organizations. The committee drafting the standard included business people, as well as lawyers, NGOs, academics and others, assembled to ensure the standard was rigorous and practical. As a result, the framework was written in non-legalistic, plain language and provided a new level of detail, uniformity and transparency.

Is the standard easy to understand? Does it provide detail, uniformity and transparency where other standards or regulations did not?

Answer via Twitter

2. The Benefits of a New Standard

Organizations understand that reports of bribery can hurt their reputations and brands—and that conforming to standards like ISO 37001 can be a key market differentiator. The standard was created so organizations could use it to engage business partners and measure their own compliance capabilities. The end goal is to minimize the risk of unlawful behavior, allow for earlier interventions and provide evidence of reasonable steps to prevent bribery and demonstrate commitment to ethical practices. Regulators have recently rewarded organizations that take such steps.

Has ISO 37001 made it easier to gauge business partners on compliance? Has it made it easier to judge your own organization?

Answer via Twitter

3. Flexibility of Design

ISO 37001 was designed to aid in complying with international good practices and with relevant anti-bribery legal requirements in all countries. It also can be adapted according to the size and nature of the organization and the potential bribery risk.

Will ISO 37001 work in all jurisdictions? Will it work for organizations of various sizes?

Answer via Twitter

It’s important to remember that ISO 370001 certification will be voluntary and that ISO doesn’t perform certifications itself. But independent certification bodies can use the new standard, and that service should be available later this year.

Adherence to ISO 37001 is not a safe harbor or a bar to liability.

In the U.S., the ANSI-ASQ National Accreditation Governing body (ANAB) issues accreditation to auditors. ISO 37001 certification will be valid for three years, with an annual surveillance audit. Auditor competency is governed by detailed requirements (ISO/IEC 17021-1 and -9), developed by ISO's Committee on Conformity Assessment (CASCO), to ensure confidence, quality and reliability in the certification process. ISO 37001 auditors are required to have specific knowledge, including knowledge of the standard’s requirements, bribery concepts and scenarios, third-party risk, bribery risk assessment and due diligence, and the design and evaluation of effective anti-bribery controls.

Organizations should also remember that adherence to ISO 37001 is not a safe harbor or a bar to liability. But it’s worth looking at, as it may be taken into consideration by prosecutors should a bribery-related event occur. It can provide some evidence that an organization has taken reasonable steps to prevent wrongdoing.

Read More: ISO 37001 - Anti-Bribery Management Systems Standard

Chat with a solutions expert to learn how you can take your compliance program to the next level of maturity.

When It Comes to Documentation, Smart Companies Behave Like Every Day Is Audit Day

A successful audit is more than just a “clean” audit – it’s one that is relatively pain-free and does not drain unnecessary time, money or energy from legal, accounting, compliance or human resources. Does that describe your audit process? Learn how and why you need to take documentation seriously.

Previous/Next Article Chevron Icon of a previous/next arrow. Previous Post

Judged by the Company You Keep

We live in a world where reputational damage can happen fast, and with devastating consequences. When we work with third parties, this damage can happen due to forces outside our organizations. Whatever marketing efforts we take to build our brand reputations should be complemented by efforts to protect that reputation from third-party risk. Learn about the processes and platforms we can use to do this.

Next Post Previous/Next Article Chevron Icon of a previous/next arrow.


Subscribe Now!