In addition to its certifiability, the ISO 37001 standard can be used as a handbook to guide the development of an anti-bribery management system.
Small and medium-sized companies often lack adequate resources for support functions, including that of compliance. The implementation of an anti-bribery management system is often viewed as an onerous expense, particularly so if the risk it is designed to meet is misunderstood by the relevant actors.
The standard offers a simple methodology for the design, implementation and continuous improvement of an anti-bribery management system appropriate to the needs of a company. The company simply needs to follow the different sections of the standard step-by-step and pay particular attention to section 4 which focuses on the context of the organization.
The central tenet of the standard is that anti-bribery management systems be adapted to:
- The specific organization and activity of the organization (section 4.1)
- The expectations of the stakeholders including those of clients and national authorities (Italy, USA, UK, Russia, Brazil, Spain, France, Mexico …) which recommend or impose certain obligations in corruption prevention (section 4.2)
- The risks specific to the organization given its activity, the way it operates, its countries of operation, etc.… (section 4.5)
For small to medium-sized companies it is relatively easy to respond to the questions in section 4. They can then identify measures necessary to the program’s implementation to limit identified corruption risks. These measures include:
- Involving top management (section 5) which is self-evident for a small to medium-sized company on such an undertaking;
- Planning the implementation timeframe, 3 years, for example (section 6)
- Defining resources required, particularly human resources and budgetary if necessary (section 7)
- Establishing prevention tools (due diligence, a gifts and invitations policy, etc.) (section 8), adapted to the specific needs of the company
- Regularly evaluating – i.e. annually – the implementation of the program; (section 9) a standard for any management system
- Continually improving the Anti-Bribery Management System based on the evaluations (section 10)
During the Standard’s drafting, the intention of participating delegations was to ensure that the Standard would be useful to small and medium-sized enterprises. I remember that many requirements were specifically reformulated to ensure that they would be applicable to SMEs. This is evident in the frequent use of the terms ‘reasonable’ and ‘appropriate’ meant to reassure small to medium-sized companies on the affordability of an anti-bribery management system for all companies, not just for the wealthier multinationals.
Ultimately, drafters of the ISO 37001 standard made sure to include an annex of detailed guidelines so that the Standard is as informative as possible. For example, details on the development of prevention tools required in section 8 will be found in the annex: due diligence (section A.10), gifts and invitations policy (section A.15) etc.…
Why an ISO 37001 certification could be useful for SMEs
Although I believe the ISO 37001 to be first and foremost a useful reference for the development of an anti-bribery management system, there are still situations in which certification would bring additional advantages to SMEs.
I envisage two primary situations in which SMEs should consider certification:
- Certain multinationals send questionnaires to their potential suppliers and service providers on their commitment to doing business with integrity before any contract is signed. Completing these questionnaires is time consuming for the SMEs. In addition, multinationals do not send the same questionnaire, so an SME will often find itself obliged to repeat the exercise time and again. And the fact that an SME has successfully completed an integrity questionnaire for one multinational does not mean that it has qualified itself to work with other multinationals without completing their own versions of an integrity questionnaire. In this context, an ISO 37001 certification allows the SME to demonstrate to multinationals that a qualified, third party attests that the SME has implemented an anti-bribery management system which meets international best practices standards. ISO 37001 certification could reasonably reduce the amount of time SMEs spend on completing integrity questionnaires.
- The second instance I see in which an SME could benefit from an ISO 37001 certification involves situations in which an SME is bidding on a public or a private call for tender. In responding to a call for tender, where prices and offers of service are very similar amongst companies, a policy dedicated to social responsibility or a commitment to sustainable development makes the difference. Today, proof of an appropriate, effective anti-bribery management system, can set an SME apart from its competing bidders. ISO 37001 certification thus gives SMEs a comparative advantage.
In both cases, the advantages of an ISO 37001 certification form a real return on investment vis-à-vis the cost of an ISO 37001 audit.