ISO 37001 - Anti-Bribery Management Systems Certification Consulting and Auditing Services
As governments throughout the world increasingly enforce their anti-bribery laws, often resulting in significant fines, penalties and reputational damage, no organization can afford to ignore the risk of bribery. In October 2016, the International Standards Organization published ISO 37001 - Anti-bribery management systems, a standard that specifies a series of measures to help organizations prevent, detect and address bribery. ISO 37001 is the first international standard on best practices for an anti-bribery program, covering both bribery by the organization and bribery of the organization. The standard is designed to be used by public, private, and non-profit organizations anywhere in the world and is suitable not only for large organizations, but for small and medium-sized enterprises as well.
Becoming ISO 37001 certified is the best way to ensure that your organization is doing all that it can to prevent and address instances of bribery and to demonstrate to personnel, business associates, stakeholders and the public that your organization is committed to preventing bribery. Requiring business associates to be ISO 37001 certified provides additional protection for organizations that want to ensure that their third parties are not engaging in acts of bribery, and it can serve as evidence that an organization engaged in proper due diligence when contracting with third parties.
ISO 37001 REQUIREMENTS
ISO 37001 certification is granted to an organization that meets, or goes beyond, the minimum requirements set forth in ISO 37001, taking into account, as the standard dictates, that an organization's anti-bribery program should be reasonable and proportionate to the nature and extent of the bribery risks the organization faces. The reasonable and proportionate qualification in the standard means that small and medium-sized organizations, or organizations with a relatively low risk of bribery, may not need to implement the same level of measures and controls as a large organization or an organization with a high risk of bribery.
To obtain ISO 37001 certification an organization must have the following anti-bribery measures and controls in place:
- A bribery risk assessment
- Anti-bribery objectives
- An anti-bribery policy
- Governing body and top management oversight and demonstrated commitment to combating bribery
- An anti-bribery compliance function
- Awareness and training around the anti-bribery policy and anti-bribery program
- Anti-bribery procedures and controls, including:
  - Due diligence on personnel, projects and transactions, and business associates with more than a low-level risk of bribery
  - Policies and procedures relating to gifts, entertainment, hospitality, travel, charitable or political donations, or other benefits as appropriate
  - Financial controls
  - Reporting procedures, including a non-retaliation policy
  - Investigation procedures
- Continuous monitoring and periodic audits, including documenting non-conformities and implementing corrective action when needed
- Continuous efforts to improve the anti-bribery program
How Spark compliance consulting can help
Spark offers seminars, webinars, and an ISO 37001 certification guide for organizations considering 37001 certification. Spark also offers personalized consulting services to organizations that want to prepare for ISO 37001 certification, assisting from the beginning stages through the audit process as needed. All of Spark's consultants have extensive expertise in anti-bribery programs and specific knowledge of the requirements of ISO 37001.