ETHIC Intelligence was very pleased to host its second annual international conference on Standards and Guidlines: Recent developments in Anti-Corruption Compliance on September 11, 2017 at the OECD conference centre in Paris. You can now view photos and video from the conference where experts from business, civil society and government exchanged and debated on how best to progress in the fight against corruption.
The publication of the Anti-Bribery standard, as ISO 37001 is already known, in the autumn of 2016 will be the most significant event of the year for those in the anti-corruption compliance community.
Currently, it is a « Draft International Standard » and is being voted upon by the countries who have participated in its development. The voting ends in April 2016 and if the result is positive, which is the likely outcome, the reference document will be finalized during the next ISO meeting in Mexico the week of May 30, 2016 and the standard will be published officially by ISO before year’s end.
Having participated in the working sessions for the past three years under the Presidency of Neill Stansbury, Director of GIACC (Global Infrastructure Anti-Corruption Centre), I am convinced that the publication of this standard will be a turning point for anti-corruption compliance programs. For years, the main preoccupation of Compliance Officers focused on the design and implementation of the program. The fact that ISO can now publish a standard on the subject highlights the fact that there are now recognized principles in the prevention and detection of corruption. This development also highlights the growing concern of Compliance Officers to ensure that their program respects international best practices.
From the beginning of the discussions, which originated at the British Standards Institution in June 2013, it has been clear that the Standard needs to be relevant to different kinds of organizations: large companies, SMEs, public and private entities and NGOs.
Consequently, it is a flexible tool that assists any kind of organization in the design of policies to prevent and detect bribery. Compliance Officers will find it useful to use as a benchmark when assessing their programs.
ISO 19600, published in December 2014, was designed to address the issue of Compliance at large. ISO 37001 is designed to address specifically the issue of anti-corruption compliance. I took part in the drafting of the ISO 19600 and was nominated ISO Liaison Officer of the two standards so I can confirm that the two standards are consistent with one another. If an organization has designed a compliance program according to the ISO 19600 it will be easy to comply with the ISO 37001 requirements.
The main difference between the two standards is that the ISO 19600 is drafted as a set of guidelines i.e.: “The organization should…”. Therefore, it is not certifiable, but offers an ambitious framework for compliance allowing companies to address all compliance issues: anti-trust, data privacy, export control, money laundering…. Although this standard is not certifiable, it can be used by consulting firms to carry out audits on companies who wish to base their compliance on these guidelines. Companies benefit from recommendations formulated by consulting firms to improve their compliance organization.
The ISO 37001 on anti-bribery compliance is drafted as a set of requirements: “The organization shall….” It is therefore certifiable by third parties. However, because they are requirements, there is no room for recommendations: either the organization meets the requirements or it does not.
The Standard has been designed for easy integration into an organization’s existing management processes and controls. The standard follows the common ISO structure for management system standards and is consistent with the structure of other management systems including ISO 9001 and 14001.
It follows the usual “Plan-Do-Act-Check” approach. Therefore, companies wanting to design and implement an anti-bribery management system can use it. In addition, it will be accompanied by guidance to assist managers with its implementation.
ISO 37001 lists some of the measures, which must be implemented if an organization wants to prevent and detect bribery appropriately:
I believe this standard brings three advantages.
Firstly, it is global recognition that anti-corruption compliance matters for most if not all organizations. It reflects the widely shared expectation that organizations need to ensure integrity in their daily decisions.
Secondly, it demonstrates that there is a commonly agreed set of measures needed to prevent and detect bribery. It was not always easy to reach agreement within the working group, but the main difficulties have been overcome. In other words, the fact that participants from five continents were able to ultimately agree demonstrates that cultural differences did not matter when important decisions were being made.
Thirdly, it is a first step towards leveling the playing field. Bribery distorts economic decisions. It brings an unfair advantage to the briber and handicaps companies that are committed to doing business with integrity. The fact that the OECD Convention is the only anti-corruption Convention with a monitoring mechanism to ensure that it is properly enforced means that the incrimination of transnational corruption exists, in reality, only in the 41 countries signatory to the Convention. In other words, companies headquartered in other countries have fewer risks of being prosecuted for the corruption of foreign public officials…, which greatly explains why corruption remains prevalent worldwide. A global standard will recognize companies that are committed to doing business with integrity regardless of where the HQ is located. Such a standard might contribute to the establishment of a global community of organizations committed to ethical business practices.
ISO 37001 has some limitations, however, which restrict its efficiency, and these are intrinsic to the way it is designed.
As is the case with all guidelines and legal obligations, the requirements of ISO 37001 will be included in the ETHIC Intelligence Terms of Reference. These terms of reference evolve with each new national or international standard or guideline to be as comprehensive as possible. In 2015, the terms of reference were updated to include guidelines published by the French, Spanish and Brazilian authorities.
The ETHIC Intelligence certification process was designed to respond to the increasingly demanding expectations of Compliance Officers. It exceeds the limits of the ISO 37001 outlined above. Specifically, the ETHIC Intelligence Terms of Reference:
Naturally, once the ISO standard is published, it will be included in the ETHIC Intelligence Certification terms of reference. Companies will then be able to take advantage of the specificities and advantages of ETHIC Intelligence Certification while, at the same time, receive certification for ISO 37001.
Next month: What is an efficient compliance system? How should it be organized?
Philippe Montigny is CEO of ETHIC Intelligence and Chairman of its Certification Committee. Philippe has over 20 years of experience in advising companies on strategies to prevent corruption and leverage business integrity.
The compliance community must navigate amidst an ever-changing landscape of laws, recommendations, emerging corruption risks, trends in investigations and the threat of prosecution. The ambition of this blog is to bring this landscape into focus while raising compliance effectiveness from both a business and legal perspective.
Anti-corruption compliance is a major asset to companies; ETHIC Intelligence Certification of compliance programs and Validation of business partner commitments leverage this asset in a concrete way to help business.