ETHIC Intelligence was very pleased to host its second annual international conference on Standards and Guidlines: Recent developments in Anti-Corruption Compliance on September 11, 2017 at the OECD conference centre in Paris. You can now view photos and video from the conference where experts from business, civil society and government exchanged and debated on how best to progress in the fight against corruption.
Even though the first ISO 37001 certifications are just now being carried out I’ve already received feedback from one Compliance Officer who stated that the ISO 37001 audit was strengthening the compliance culture at the company thus rendering the compliance program more effective. When I asked what he meant by ‘more effective’ he said that “the corruption prevention policy is much more readily understood and accepted which leads to greater efficacy.” He added, “the audit in and of itself provides an incredible boost to the culture.” He had been pleasantly surprised to witness staff cooperation and acceptance of the audit where he had been expecting resistance.
Upon hearing this I re-read the ISO 37001 to identify exactly what it is that fosters an effective compliance program.
Section 4.2 which includes « understanding the needs and expectations of stakeholder » may appear innocuous at first glance, but I believe it is one of the most important requirements.
Of course, it begins with the necessity of identifying the legal requirements relevant to the organization. In certain countries, these requirements are in the form of obligations (Italy, Law Decree 231, France, Sapin II law…) whilst in others they are formulated as recommendations (USA, Chapter 8 of the Federal Sentencing Guidelines; UK Bribery Act Guidance, …). In these latter countries, the law compels the establishment of a culture of compliance.
Section 4.2, however, also compels organizations to identify the non-obligatory expectations of the stakeholders. This means that any company subject to laws where a corruption prevention program is recommended or compulsory must also ensure that its business partners and/or suppliers, regardless of the country where they are based, have a corruption prevention program. Through the consequent cascading effect, every company will ultimately have an anti-corruption compliance program to meet the expectations of contractors or partners.
Section, 4.2 goes even further, however. As it calls upon companies to respect even those guidelines which are voluntary whether they originate with professional associations, NGOs or local communities where they operate. This means that a general commitment to the Global Compact, for example, must be supported with concrete measures.
Because the company is committed to respected the expectations of all stakeholders and takes specific measure to ensure that the commitment is respected, a culture of compliance is naturally instilled within the company.
Section 4.2 is a vital component in the implementation of an anti-bribery management system. But it is not enough.
The strength of management system standards – and particularly the ISO 37001 – is that it engages the highest levels of the company as much as the mid-levels and on down to operational staff working in the field.
Section 5 is entitled Leadership. It requires (sub-section 5.1) that corruption prevention be integrated into the company’s strategy at the highest level: The Board of Directors and the Executive Committee. In addition, sub-section 5.3.3 also requires an appropriate delegation of power.
The ISO 37001 gains its legitimacy by requiring a decision at the highest level of the company. It is equally significant that the last section which is dedicated to performance evaluation, stipulates that the results of any evaluation of the implementation of the system in the field be examined by the Executive Committee and the Board of Directors to ensure that the decisions taken on necessary and appropriate corrective measures are acted upon in a timely manner with proper support.
The implementation of the ISO 37001 anti-bribery management system creates a corruption prevention process where both the executive and operations levels of the company are equally involved. The implementation of the ISO 37001 promotes a dynamic culture of corruption prevention throughout the company.–
Prior to an ISO 37001 audit, ETHIC Intelligence recommends that companies undergo a Gap Analysis to prepare them for the specific demands of the auditors and to identify areas where there may be gaps between the norm’s requirements and the company’s practices.
During this meeting, we invite not just those working in compliance but also those from human resources, finance, audit, communications, etc.
A company can only be certified if every department meets the requirements of the standard specific to it. For example, human resources for employment processes and training (section 7.2.2 and 7.3); finance for the financial controls (section 8.3); audit for non-financial controls (section 8.4); communications for documented information (section 7.5), etc.
The decision to launch an ISO 37001 audit does not just demonstrate an interest in certification, it reaffirms the role and responsibility of each member of the company in the implementation of an anti-bribery management system.
The paradox of the ISO 37001 is that it appears at first glance to be very formal and possibly a mere exercise in box-ticking. However, where auditors verify that each requirement is met and the certification is attributed it is valid recognition that a culture of anti-corruption compliance exists throughout the company and that the system itself benefits from continuing improvement.
Philippe Montigny is CEO of ETHIC Intelligence and Chairman of its Certification Committee. Philippe has over 20 years of experience in advising companies on strategies to prevent corruption and leverage business integrity.
The compliance community must navigate amidst an ever-changing landscape of laws, recommendations, emerging corruption risks, trends in investigations and the threat of prosecution. The ambition of this blog is to bring this landscape into focus while raising compliance effectiveness from both a business and legal perspective.
Anti-corruption compliance is a major asset to companies; ETHIC Intelligence Certification of compliance programs and Validation of business partner commitments leverage this asset in a concrete way to help business.