Putting the Do in Don’t: The New ISO 37001 Standard

Organizations can take steps against bribery by using familiar business tools found in the standard

Published: Wednesday, August 2, 2017 - 12:01

Bribery and corruption are a $1 trillion drain on the global economy and a door-shutting event for companies unable to prevent rogue acts from destroying a company’s entire reputation. If you think about it, managing bribery is a bit of an oxymoron. How do you manage something that hasn’t happened and you hope will never happen?

It’s like light bulbs: You only notice them when they burn out. Which can make things very, very dark for your company’s reputation and future business prospects. A single act of corruption anywhere in your organization can wipe out the trust you’ve worked so hard to build. Regaining that trust can be difficult, and in some instances, impossible.

Strong leadership and a visible commitment to ethical business practices are, historically, the primary business tools for preventing corruption. On the legal front, the U.S. Foreign Corrupt Practices Act (FCPA)—instituted in the 1970s—is the big stick for prosecuting corrupt business activity. Many companies have anti-corruption programs to support FCPA compliance.

But how do ethical, socially responsible organizations become more proactive? Can this whole topic be embraced as an opportunity as opposed to a problem?

Now, the answer is yes. With ISO 37001, the new standard and certification program that puts the do into don’t.

ISO 37001:2016—“Anti-Bribery Management Systems,” like its siblings from the ISO portfolio of management systems standards, sets forth a clear, no-nonsense framework that organizations can use to help prevent bribery. Importantly, it allows organizations to leverage FCPA program compliance time and money to get positive recognition for their efforts.

“It’s like boosting your immune system so you don’t get sick to begin with,” says Worth MacMurray, principal of Governance and Compliance Initiatives LLC. “The new ISO standard reduces bribery risk by taking organizational vigilance and supply-chain relationship oversight to a new level. And it provides a common ‘anti-bribery language’ that didn’t exist before, that can be used internally and externally.”

The ISO 37001 standard was published in late 2016 and is seeing strong adoption in Europe, where certification bodies were quick to enter the market with ISO 37001 auditing and certification services. Major certification bodies like DNV GL are expected to be ready to go in the Americas this fall. The process involves gaining accreditation from ANAB, the organization that governs the accreditation of certifying bodies in the United States, or similar organizations in other countries.

“The U.S. does not yet have any organizations certified by ANAB-accredited audit firms, but I expect that to change in the fall,” says MacMurray. “I’m in frequent communication with compliance officers, general counsel, and senior executives at mid- to large-sized global companies based in the U.S., and their interest is significant to say the least.”

Consistent with the structure of other ISO management systems standards, ISO 37001 has 10 chapters and allows organizations to adapt their documentation and audit procedures to best suit their needs, while complying with the standard’s requirements.

As with other ISO standards, an organization can, on its own, attempt to comply with the ISO 37001 standard, or it can choose to engage an independent certification body to certify its compliance. The latter option has the enormous advantage of providing visible, public “proof” from an independent third party that all the proper steps have been taken in the right way.

“It’s all about present and future business value,” says MacMurray. “Bribery is a toxic issue that destroys value. Its lifeblood is invisibility and opaqueness. Companies can help preserve and actually add value by taking the preventive and corrective anti-bribery steps outlined in ISO 37001 to support transparency and better-informed business decisions. An organization holding an ISO 37001 certification sends a strong message to customers, stockholders, lenders, and others that they have a globally respected system in place to prevent bribery and root out misbehavior.”

The threat of serious punishment—job dismissal, fines and/or imprisonment—remains a powerful deterrent. But with ISO 37001, organizations can take proactive steps that look and feel like other business tools with which they are familiar. It’s no longer just lawyers and compliance officers, but senior management, supply chain partners—literally all stakeholders of the organization now have a role in keeping things on track.

Common wisdom holds that sunshine is the best disinfectant. In that regard, given the toxic and potentially contagious nature of the problem it addresses—ISO 37001 is just what the doctor ordered. On Thurs., Aug. 10, 2017, join Todd Begerow, Eastern Territory manager for DNV GL Business Assurance North America; Worth MacMurray, principal of Governance and Compliance Initiatives LLC.; and Quality Digest’s editor in chief Dirk Dusharme for the webinar, “What is ISO 37001 and what are its benefits,” beginning at 9 a.m. Pacific and 12 noon Eastern. Register here.

About The Author

DNV GL

DNV GL enables organizations to advance the safety and sustainability of their business. It provides classification, technical assurance, software, and independent expert advisory services to the maritime, oil and gas, and energy industries. It also provides certification services to customers across a wide range of industries. Combining leading technical and operational expertise, risk methodology, and in-depth industry knowledge, it empowers its customers’ decisions and actions with trust and confidence. It continuously invests in research and collaborative innovation to provide customers and society with operational and technological foresight. Operating in more than 100 countries, its professionals are dedicated to helping customers make the world safer, smarter, and greener.