Since its publication in October 2016 the ISO 37001 standard on Anti-Bribery Management Systems has been the subject of many comments as well as unfounded criticisms. Below I will address the three most common.
The ISO 37001 is a universal standard drafted by a working group – Technical Committee 309 – composed of delegations from 20 countries. As a universal standard it cannot prioritize one national law over another. It does not specifically refer to the FCPA, nor does it refer to Italian law decree 231 or the UK Bribery Act for instance.
Nearly one year ago the EU Commission published the proposal for a Directive of the European Parliament and of the Council on the protection of persons reporting breaches of Union law (hereinafter: the whistleblower protection directive).
For compliance experts at the time, the publication of the UK Bribery Act Guidance in 2011 was revolutionary.
For the first time a national authority considered that what determined the quality of a compliance program was its appropriateness to identified risk. The issue of proportionate procedures (Principle n°1) is central to the Guidance. Why was this viewed as a revolution? Because previously, due to the lack of clear guidelines, Compliance Officers were unsure as to where and to what extent they had to develop their anti-bribery program. They also had to be mindful of the possibility that in an instance of bribery a judge could consider the anti-bribery procedures inadequate, leading to an accusation that management had been lax in its corruption prevention initiatives.
When I participated in the ISO/PC 278 working group which drafted the "Anti-Bribery Management Systems Standard", we had three objectives:
The difficulty was to design a standard which could be used by organizations of all sizes and from all sectors, regardless of whether they were public, private or not-for-profit. This challenge is reflected in the sometimes-repetitive nature of the standard.
There were a number of noteworthy ISO 37001 (Anti-bribery management system) related developments during 2018. Private sector certifications were particularly strong in Europe and Peru, UKAS (United Kingdom Accreditation Service) accreditations were obtained by several large certifying bodies, and Southeast Asia made significant ISO 37001-related strides. Many US-focused service providers also saw a significant uptick in ISO 37001 inquiries during the last few months of the year. But particularly striking was the standard’s varied global public sector embrace.
Several trends are leading companies to increase the frequency of their internal investigations. Soon, internal investigations will no longer be the exception, but the rule.
The Compliance Officer must be prepared for this development which has three important consequences on: i) the confidential status of any information collected, ii) the protection of staff and iii) the credibility of the CCO and his or her compliance program.
GTT (Gaztransport & Technigaz), an engineering company specialised in the transport and storage of liquefied natural gas, received ISO 37001 certification for its anti-bribery management system in October 2018.
The official launch of the Tainted Assets Initiative took place on 15 November 2018 at the Basel Institute on Governance’s Conference on Collective Action. This event marks the formation of the Project’s secretariat at the Basel Institute.
With the support of the OECD Secretariat, this multi-stakeholder initiative aims to develop a practical resolution mechanism to enable companies and countries to address historic “taint”, such as a legacy of corruption, in assets they hold or wish to acquire or dispose of.
We are delighted to share the results of the 2018 edition of our WhistleB annual customer study on organizational whistleblowing.
This has been a year during which whistleblowing has truly been in the spotlight, receiving largely more positive attention from the media, organisational leaders and regulators alike. The main findings of this year’s customer survey reflect this more favourable view on whistleblowing.
Knowing that a compliance officer or other leader in the company will say “no” to a high-risk proposal gives you the confidence to move faster in the business decision-making process.
To ensure that the company Compliance Officer becomes an internal business partner, it is important to advise on “how” things can be done instead of just placing obstacles by saying “no”.
Ledgers have always been used to keep track of operations and were stored in specific locations (accountant's office, banks, etc.). Following the computerization of data, ledgers were transferred into a digital format to improve efficiency and workload. But even digitalized ledgers were often concentrated in specific locations (local server or computer, etc.).
What do others do? Where do I stand as compared to other companies in my sector? Can you provide me with benchmark data? Those were recurrent questions that I was asked as a Paris-based FCPA lawyer and academic.
Whistleblowers are key tools to uncovering unlawful activities and preventing corporate misconduct. However, according to the 2017 Eurobarometer on Corruption, 81% of individuals experiencing or witnessing corruption indicated that they have not reported it. Moreover, only 47% of the respondents knew where to report a case.
Many compliance managers have asked me if the fact that their business associates were certified ISO 37001 would relieve them of the responsibility of conducting further due diligence.
It is a relevant question which requires a detailed response.
The French National Prosecutor’s office recently concluded a deferred prosecution agreement with the Société Générale bank to settle suspicions it had paid bribes to foreign public officials. Société Générale was issued fines of 250,150,755 euros. For the first time since the entry into force of the Sapin II law, this resolution was coordinated with the US Department of Justice which also concluded a deferred prosecution agreement with the French bank based on the same facts.
Every act of corruption involves a conflict of interest. The receiver or corrupted individual acts in his own interest and not in that of the organization he represents.
At its core, anti-corruption is about your company’s values. What is the value that drives your company: that you have superior products and/or services that would improve your customers’ lives, or you need to cheat one deal at a time? Are you looking to a long-term future for both your company and the communities where it does business, or do you just want to make sure you get through today? I believe companies that have a clear sense of their mission and long-term vision would be more competitive than those that focus on short-term deals and quick growth, because the long-term mission focus compels strategies and investments consistent with sustainable business growth.
Is it necessary to conduct due diligence on clients, and if so, how? I have been asked this question frequently over the past few months.
Conducting due diligence on third parties who work for or with the company is manifestly necessary and useful. If the third party represents a corruption risk, the risk can be mitigated with anti-corruption clauses, modifications to working conditions, anti-corruption training, more intensive monitoring or by demanding audit rights and subsequent controls.
The imminent general data protection regulation (GDPR) will be one of the most influential frameworks in the data privacy sector. Throughout Europe, data privacy will soon be harmonized by law. The regulation was adopted in April 2016 and its enforcement will be mandatory from May 2018 for companies processing personal data.
Compliance officers will be obliged to follow very specific procedures when handling personal data particularly as it pertains to issues of whistleblowing.
Modern working conditions rely heavily on digitally displayed workflows which produce huge amounts of data, forcing compliance officers, following the regulation, to handle and control European citizens’ personal data to prevent abuses.
France’s Supreme Court recently determined that double jeopardy isn’t a viable defense to prevent the prosecution of a company that had entered into a plea agreement for charges tried in another country.
The decision by the Cour de Cassation, rendered on March 14, involved Swiss oil trader Vitol, which allegedly bribed the government of Iraq to obtain oil under the United Nations' Oil-for-Food program that ran from 1996 to 2003. Under that program, Iraq could sell oil on the open market to purchase humanitarian supplies for its citizens.