ETHIC Intelligence hosts second annual international conference
on corruption prevention Standards and Guidelines


OECD Conference center, Paris, Monday September 11, 2017

ETHIC Intelligence was very pleased to host its second annual international conference on Standards and Guidlines: Recent developments in Anti-Corruption Compliance on September 11, 2017 at the OECD conference centre in Paris. You can now view photos and video from the conference where experts from business, civil society and government exchanged and debated on how best to progress in the fight against corruption.

Click here for photos and videos


FOLLOW ETHIC Intelligence


ISO 37001: What will the implications be?

The publication of the Anti-Bribery standard, as ISO 37001 is already known, in the autumn of 2016 will be the most significant event of the year for those in the anti-corruption compliance community.

Currently, it is a « Draft International Standard » and is being voted upon by the countries who have participated in its development. The voting ends in April 2016 and if the result is positive, which is the likely outcome, the reference document will be finalized during the next ISO meeting in Mexico the week of May 30, 2016 and the standard will be published officially by ISO before year’s end.

Having participated in the working sessions for the past three years under the Presidency of Neill Stansbury, Director of GIACC (Global Infrastructure Anti-Corruption Centre), I am convinced that the publication of this standard will be a turning point for anti-corruption compliance programs. For years, the main preoccupation of Compliance Officers focused on the design and implementation of the program. The fact that ISO can now publish a standard on the subject highlights the fact that there are now recognized principles in the prevention and detection of corruption. This development also highlights the growing concern of Compliance Officers to ensure that their program respects international best practices.

Who is concerned by the standard?

From the beginning of the discussions, which originated at the British Standards Institution in June 2013, it has been clear that the Standard needs to be relevant to different kinds of organizations: large companies, SMEs, public and private entities and NGOs.

Consequently, it is a flexible tool that assists any kind of organization in the design of policies to prevent and detect bribery. Compliance Officers will find it useful to use as a benchmark when assessing their programs.

As is the case with all guidelines, the ISO 37001 requirements will be included in the ETHIC Intelligence Terms of Reference.
What are the differences between the ISO 37001 and the ISO 19600?

ISO 19600, published in December 2014, was designed to address the issue of Compliance at large. ISO 37001 is designed to address specifically the issue of anti-corruption compliance. I took part in the drafting of the ISO 19600 and was nominated ISO Liaison Officer of the two standards so I can confirm that the two standards are consistent with one another. If an organization has designed a compliance program according to the ISO 19600 it will be easy to comply with the ISO 37001 requirements.

The main difference between the two standards is that the ISO 19600 is drafted as a set of guidelines i.e.: “The organization should…”. Therefore, it is not certifiable, but offers an ambitious framework for compliance allowing companies to address all compliance issues: anti-trust, data privacy, export control, money laundering…. Although this standard is not certifiable, it can be used by consulting firms to carry out audits on companies who wish to base their compliance on these guidelines. Companies benefit from recommendations formulated by consulting firms to improve their compliance organization.

The ISO 37001 on anti-bribery compliance is drafted as a set of requirements: “The organization shall….” It is therefore certifiable by third parties. However, because they are requirements, there is no room for recommendations: either the organization meets the requirements or it does not.

 

ETHIC Intelligence Terms of Reference include all requirements and best practices currently available.
Philippe Montigny
CEO of ETHIC Intelligence

Click to tweet 

What is the structure of the ISO 37001 standard?

The Standard has been designed for easy integration into an organization’s existing management processes and controls. The standard follows the common ISO structure for management system standards and is consistent with the structure of other management systems including ISO 9001 and 14001.

It follows the usual “Plan-Do-Act-Check” approach. Therefore, companies wanting to design and implement an anti-bribery management system can use it. In addition, it will be accompanied by guidance to assist managers with its implementation.

What are the main requirements of the ISO 37001 standard?

ISO 37001 lists some of the measures, which must be implemented if an organization wants to prevent and detect bribery appropriately:

  • Assessment of bribery risks, including due diligence.
  • Implementation of an anti-bribery policy and program.
  • Identification of a compliance function to monitor the program
  • Communication of the anti-corruption policy to associated persons (joint venture partners, sub-contractors, suppliers, consultants etc.)
  • Training for personnel and associated persons
  • Verification that employees comply with the anti-bribery policy.
  • Monitoring of benefits given by the organisation (gifts, hospitality, donations…) to ensure that they do not have a corrupt purpose.
  • Implementation of controls to prevent bribery risk
  • Implementation of whistleblowing procedures
  • Process to detect bribery and to deal with any actual or alleged bribery.
ETHIC Intelligence certification exceeds the limits inherent to the ISO 37001.
What is the added value of ISO 37001?

I believe this standard brings three advantages.

Firstly, it is global recognition that anti-corruption compliance matters for most if not all organizations. It reflects the widely shared expectation that organizations need to ensure integrity in their daily decisions.

Secondly, it demonstrates that there is a commonly agreed set of measures needed to prevent and detect bribery. It was not always easy to reach agreement within the working group, but the main difficulties have been overcome. In other words, the fact that participants from five continents were able to ultimately agree demonstrates that cultural differences did not matter when important decisions were being made.

Thirdly, it is a first step towards leveling the playing field. Bribery distorts economic decisions. It brings an unfair advantage to the briber and handicaps companies that are committed to doing business with integrity. The fact that the OECD Convention is the only anti-corruption Convention with a monitoring mechanism to ensure that it is properly enforced means that the incrimination of transnational corruption exists, in reality, only in the 41 countries signatory to the Convention. In other words, companies headquartered in other countries have fewer risks of being prosecuted for the corruption of foreign public officials…, which greatly explains why corruption remains prevalent worldwide. A global standard will recognize companies that are committed to doing business with integrity regardless of where the HQ is located. Such a standard might contribute to the establishment of a global community of organizations committed to ethical business practices.

Are there any limitations to the ISO 37001?

ISO 37001 has some limitations, however, which restrict its efficiency, and these are intrinsic to the way it is designed.

  1. It was drafted as a certifiable requirement standard. This made it difficult for consensus on measures that required approval from all participatory delegations. Had ISO 37001 been designed as a set of guidelines, some of the measures could have been drafted in a more ambitious manner. It is more difficult to obtain agreement on obligations than on recommendations. The standard is already being presented by ISO as a minimum requirement for organizations to prevent and detect bribery.
  2. Some countries have formulated legal requirements, which are not necessarily shared by other countries. Consequently, if an organization meets the ISO 37001 requirements it does not mean that it meets the specific legal requirements of countries where it operates.
  3. The fact that the standard is certifiable might be misleading. Certifying technical specifications allows a fair comparison between two certified products. Certifying management systems, and in particular anti-corruption management systems, does not allow easy comparison. Most of the requirements contained in the standard have the annotation “as appropriate.” This leaves the auditor with a lot of room to manoevre vis-à-vis the interpretation of the requirement. To address this issue, the ISO Working Groups is formulating recommendations to ensure that auditors possess the necessary qualifications to assess anti-bribery measures. These recommendations, however, will not ensure the desired consistency between management systems certified by two different auditors.
  4. As with other ISO Standards, the 37001 has no room for the auditor to formulate recommendations to the company. Either the audited entity meets the requirements or it does not. If it does not meet the requirements then the auditor has only to explain why not. In most cases, Chief Compliance Officers are looking not only for a Certificate but also for recommendations to improve the program.
  5. Program certification using this ISO Standard will acknowledge that a company’s procedures meet minimal requirements. It will not demonstrate that the program is either efficiently designed or implemented appropriately given the company’s specific risks and organization.
  6. Once published the ISO terms of reference are fixed and not readily updated. Updates can only occur after several years of existence. Thus, the ISO terms of reference would be unable to evolve at the same rate as international best practices.
ETHIC Intelligence Certification “includes ISO 37001”: the added value

As is the case with all guidelines and legal obligations, the requirements of ISO 37001 will be included in the ETHIC Intelligence Terms of Reference. These terms of reference evolve with each new national or international standard or guideline to be as comprehensive as possible.  In 2015, the terms of reference were updated to include guidelines published by the French, Spanish and Brazilian authorities.

The ETHIC Intelligence certification process was designed to respond to the increasingly demanding expectations of Compliance Officers. It exceeds the limits of the ISO 37001 outlined above. Specifically, the ETHIC Intelligence Terms of Reference:

  • Include all requirements and best practices currently available.
  • Help companies who operate in multiple jurisdictions to ensure that their compliance program meets all their legal obligations, regardless of their countries of operation.
  • Ensure the same high standard of certification amongst certified companies thanks to the shared expertise of the international lawyers who make up the Certification Committee.
  • Provides companies with expert recommendations from auditors and Committee members, useful in ensuring continuous improvement of the compliance program.
  • Allows companies to use the certification process itself as a management tool to improve the program continually.
  • The structure of the ETHIC Intelligence certification process allows the lawyers who are evaluating the certification file to determine if i) the program addresses the identified risks in the most effective manner ii) the program is implemented effectively given the organization of the company.
  • The terms of reference endeavor to reflect accurately developments in best practices and to this end ETHIC Intelligence organizes each year an « Excellence in Compliance Day », which gathers international Compliance Officers from certified companies, auditors and Certification Committee lawyers to identify emerging best practices for inclusion in the ToR.

Naturally, once the ISO standard is published, it will be included in the ETHIC Intelligence Certification terms of reference. Companies will then be able to take advantage of the specificities and advantages of ETHIC Intelligence Certification while, at the same time, receive certification for ISO 37001.

Next month: What is an efficient compliance system? How should it be organized?

01 FEB, 2016 Category : Blog 3 5,565 Views

Comments (3)

  • sachin bagmar says:

    At the outset, thanks a lot for the clarity and summary of this ISO standard. You mentioned that auditor needs to possess requisite qualification to certify under this Standard. May i know which are the third party organisations who can certify under this standard?

  • sachin bagmar says:

    At the outset, thanks a lot for the clarity and summary of this ISO standard. You mentioned that auditor needs to possess requisite qualification to certify under this Standard. May i know which are the third party organisations who can certify under this standard?

    Thanks
    Sachin Bagmar

  • Philippe Montigny says:

    Thank you for your comment. Any third party who meets the requirements of the ISO IEC 17021 is qualified to perform audits and certification management systems as the ISO 37001 is a management system standard. But due to the specific expertise required by anti-bribery issues a 9th section has been added to the ISO 17021-9 which requires auditors to demonstrate good working knowledge of anti-corruption compliance programs including knowledge of legal requirements imposed by various national legislations.
    To respond to this, in 2017, ETHIC Intelligence is launching a series of Accreditation Training sessions on ISO 37001: Paris – January 2017, Dubai – March 2017, Casablanca – May 2017, Sao Paulo – June 2017 followed by Delhi, Montreal and Washington.

Leave a comment

Your email address will not be published.


To maintain the quality and relevance of the discussion, all comments will be moderated. Thank you for your understanding.

Philippe Montigny President, ETHIC Intelligence Certification Committee

Philippe Montigny is CEO of ETHIC Intelligence and Chairman of its Certification Committee. Philippe has over 20 years of experience in advising companies on strategies to prevent corruption and leverage business integrity.

Follow us

about the blog

The compliance community must navigate amidst an ever-changing landscape of laws, recommendations, emerging corruption risks, trends in investigations and the threat of prosecution. The ambition of this blog is to bring this landscape into focus while raising compliance effectiveness from both a business and legal perspective.

visit our website

Anti-corruption compliance is a major asset to companies; ETHIC Intelligence Certification of compliance programs and Validation of business partner commitments leverage this asset in a concrete way to help business.

About tools

Compliance tools

Related Articles