ISO 37001:2016 Anti-bribery Management Systems
Implementing an ISO 37001 Anti-Bribery Management System through a systematic and comprehensive approach gives public administration organizations a solid foundation for reducing the risk of bribery and for strengthening bribery prevention by adopting measures derived from the requirements of the standard.
STN ISO 37001:2019 Anti-Bribery Management Systems. Requirements with guidance for use
The ISO 37001 standard specifies requirements and provides guidance for establishing, implementing, maintaining, reviewing, and continually improving an Anti-Bribery Management System. The system may operate as a standalone framework or be integrated into an existing management system, particularly where the public administration organization already applies another management system.
With respect to the organization’s activities, ISO 37001 focuses on the following areas:
- Bribery in the public, private, and non-profit sectors,
- Bribery committed by the organization itself,
- Bribery committed by the organization’s personnel acting on its behalf or for its benefit,
- Bribery committed by the organization’s business associates acting on its behalf or for its benefit,
- Bribery targeting the organization,
- Bribery of the organization’s personnel in relation to its activities,
- Bribery of the organization’s business associates in relation to its activities,
- Both direct and indirect bribery (e.g. a bribe offered or accepted through or by a third party).
ISO 37001 deals exclusively with bribery. It sets out requirements and provides guidance for developing a management system designed to help organizations prevent, detect, and respond to bribery, and to comply with applicable anti-bribery laws and voluntary commitments. The requirements of ISO 37001 apply to all organizations (or parts thereof), regardless of type, size, or nature of activity, and irrespective of whether they operate in the public, private, or non-profit sector.
When an organization adopts ISO 37001 as a voluntary commitment, the standard outlines the following key procedures in particular:
- Assessment of conflicts of interest for designated persons,
- Management of bribery and corruption risks,
- Ensuring compliance with the anti-bribery policy and defining penalties for non-compliance,
- Preventing retaliation, discrimination, and disciplinary action against whistleblowers,
- Due diligence and assessment of the trustworthiness of individuals before employment or transfer to medium- and high-risk positions,
- Regular verification of the trustworthiness of personnel in medium- and high-risk positions,
- Determining appropriate compensation for employees in medium- and high-risk positions in relation to corruption risk,
- Declarations of compliance with the anti-bribery policy,
- Professional anti-bribery training and awareness activities for employees and business associates,
- Financial management activities,
- Non-financial management activities,
- Identification of anti-bribery management measures applicable to business associates and controlled organizations,
- Requiring business associates to implement anti-bribery management measures,
- Securing commitments and declarations from business associates,
- Terminating relationships with business associates where necessary,
- Establishing and implementing a gift policy, including controls over gifts, hospitality, donations, and similar benefits,
- Managing deficiencies in anti-bribery management activities,
- Establishing procedures for reporting bribery,
- Ensuring confidentiality and protection of whistleblower identity,
- Investigating and addressing instances of bribery,
- Conducting internal audits of the Anti-Bribery Management System,
- Regularly reviewing results related to the system, primarily based on anti-bribery objectives,
- Continuous improvement of the Anti-Bribery Management System.