Diana Treveley: Kangaroos and Compliance: A Trip to Sydney to Develop New Compliance Standards and an ISO 37001 Handbook

I was on top of the world in the Land Down Under earlier this month, where I had the privilege of joining the best and the brightest in the compliance profession to discuss guidelines for best practices, including the only global anti-bribery standard, ISO 37001.

Our mission?  To develop three new compliance standards and create an ISO 37001 Handbook.  

ISO TC-309, as the committee is called, is organized under ISO, the International Organization for Standardization.  The committee is comprised of delegates from over 48 participating member countries and 17 observing member countries – a truly global effort! For our annual meeting, Standards Australia generously hosted delegates from over 27 countries for five days in Sydney, supplying conference rooms for the four different working groups meeting simultaneously – and loads of coffee. 

While some people in the United States don’t understand the importance of the ISO 37001-Anti-Bribery Management Systems standard, standards in other countries are incredibly important.  Policy-makers use the standards as the driving force behind new legislation, regulatory bodies audit and benchmark companies they are reviewing against the standards, and many companies treat the standards – certifiable or not – as de-facto requirements for their organization.  

We are working on several key initiatives that every compliance officer should know about:

Brand New Compliance Standards

ISO TC-309 is developing two new standards:

  • Guidelines for the Governance of Organizations (ISO 37000) 

  • Guidelines for Whistleblowing Management Systems (ISO 37002)

The standards will consist of global best practices and will provide companies with a template for imbedding good compliance practices into operations.  Expect to see these standards published in several years’ time.

A Certifiable Compliance Program Standard

Our committee is working to turn ISO 19600-Guidelines for Compliance Management Systems, into a certifiable standard.  The new standard, which will be renamed as ISO 37301-Compliance Management Systems-will include more rigorous requirements.  Like ISO 37001, a company will be able to have their program certified by an independent certification body if they meet all the requirements set forth in the standard.  As with ISO 37000 and ISO 37002, the publication of this standard is still several years away.

An ISO 37001 Handbook

And last but certainly not least, we spent much of the week working on an ISO 37001 Handbook!  The Handbook, which we aim to have published next year, is designed to guide small and medium-sized businesses in implementing an anti-bribery management system proportionate to their bribery risk.  The Handbook will improve the accessibility of certification to more and more businesses, as it instructs companies on best practices and provide case studies and examples of how to implement the requirements set forth in the standard.  Many thanks to the leader of this working group, Jean-Pierre Méan, who patiently read through mountains of material and moderated our comments and debates on precise wording.

As ISO standards expand further into the Compliance world with the new whistleblowing and corporate governance standards and a certifiable compliance standard, compliance officers will find new and exciting ways to prove that their programs meet best practices and global regulatory expectations.