The ISO 37001 is a new anti-bribery standard that could significantly help businesses thrive in a challenging global environment. It won’t open any pod bay doors, but it brings to organizations a much-needed level of anti-bribery guidance, combined with meaningful incentives for standard adoption. And it’s applicable to all institutions, regardless of size, structure, geography, or jurisdiction.
Bribery and other forms of corruption continue to plague business and society. According to the World Bank, some $1.5 trillion is paid globally in bribes each year, a figure that dwarfs the value of economic assistance. The result? An unlevel playing field and such adverse consequences as lack of competition, kleptocracies, delivery of sub-standard goods and services, price distortions, and wasted foreign aid contributions.
How has enforcement in the US changed?
The US DOJ and SEC are doing more to demonstrate transparency during enforcement actions and hope that companies, their management and boards will be convinced that it is in their best interest to disclose acts of corruption voluntarily and follow disclosure up with full cooperation. At the same time, it is impossible not to notice the continuing rise in corporate penalties for companies convicted of corruption offenses.
The cost of maintaining a corporate compliance program that adheres to applicable anti-bribery legal standards, including FCPA, is also high. Small- to medium-sized companies are often effectively shut out of certain markets because of compliance costs. Even for a larger company, compliance costs increase as it tailors its compliance program to meet differing expectations of key customers, partners, or suppliers, or when expanding into new geographies.
Investigation expenses triggered by Department of Justice (DOJ) and/or Securities and Exchange Commission (SEC) FCPA inquiries can reach astronomical sums, as Walmart is presently experiencing. Walmart’s recently filed 10K showed FCPA-related investigation expenditures of $296 million over the last three fiscal years for matters that are still active. In 2016, $2.43 billion in FCPA-related corporate fines and penalties was collected by the DOJ and SEC.
How can we make it easier for companies to establish and maintain anti-bribery programs in such a complex climate?
Two anti-corruption experts and members of the U.S. Technical Advisory Group (TAG) that helped create ISO 37001 believe that the new standard – with its practical emphasis – is the solution. Worth MacMurray, a Principal at Governance & Compliance Initiatives and Senior Advisor at the Ethisphere Institute, points out that companies can now leverage FCPA anti-corruption program costs and existing program activities to obtain ISO 37001 certifications as a marketable product.
Judd Hesselroth, the Chair of the US TAG for ISO 37001 and Director in Microsoft’s Office of Legal Compliance, notes that an internationally developed, a political standard that uses a “common anti-bribery language” not only equips an organization to improve its own anti-bribery program, it also empowers the organization to benchmark the anti-bribery programs of others in its value chain. Equally important, the standard provides customers and shareholders the ability to better understand a company’s commitment to compliance and allows them to feel more secure about whether the company is operating responsibly when it comes to anti-corruption. ISO 37001 adoption further enables the organization to align with international expectations.
How does ISO 37001 work?
The standard specifies in detail and in plain English (rather than “legalese”) what goes into an anti-bribery management system, and then provides a voluntary certification mechanism for systems that pass an independent audit. It is designed to help organizations of all sizes continuously improve their systems. ISO 37001 is based on leading legal and non-legal practices and emphasizes “operationalizing compliance” through the use of such standard business tools as risk assessments, process, measurement, and monitoring. It guides through “here is what’s necessary and here’s how to do it” rather than dictating through “thou shalt not.”
The new standard is gaining traction. This past March, Microsoft announced plans to adopt ISO 37001. Hesselroth points out that the company believes ISO 37001 has potential value for organizations as well as society. Microsoft is encouraging organizations, regardless of industry, to adopt the new standard and participate in constructive discussions with governments around the world regarding how ISO 37001 can be applied to more effectively combat corruption, appropriately differentiating between organizations that have an accredited 37001 certification and those that don’t.
Walmart also recently announced that it is considering adoption of the standard. MacMurray predicted that other U.S. companies will make adoption announcements during 2017 as the revenue generation and cost-savings benefits of certification become more widely appreciated.
What does it mean for business?
If you do business overseas and wish to (finally) get positive recognition for your FCPA program and other anti-corruption efforts, consider applying ISO 37001 as a creative anti-bribery tool.
There may be advantages to getting ahead of the curve: Singapore and Peru have already endorsed ISO 37001 for use in public procurements; other governments and multilateral financial bodies may follow suit; and several US-based multi-nationals are considering the standard both for internal use and as a supply chain requirement.
Voluntary adoption of ISO 37001 is now available to global companies. It is possible that in the not-too-distant future such adoption of anti-bribery systems may become mandatory.
Richard Levick, Esq.
Chairman and CEO