ANTI-CORRUPTION / ISO 37001 : Preventing corruption between private and public organizations

Excerpt from session:

Corruption is one of the main problems to sustainable economic, political and social development. It undermines public trust in government and private companies, causes injustice, creates inefficiencies in operations, obstructs ability to retain quality staff and/or attract business investment, and wastes resources and money. It is estimated that the cost of corruption equals more than 5% of global GDP or 2.6 trillion USD (OECD, 2014), with over 1 trillion USD paid in bribes each year (World Bank, 2017). If unrestrained, corruption affects societies in a multitude of ways. The cost of corruption can be divided into four main categories:

  • 1. Economic
  • 2. Environmental
  • 3. Political
  • 4. Social

New standard for preventing bribery and corruption in business: ISO 37001 Anti-Bribery Management System standard was created by the International Organization for Standardization (ISO) to help organizations increase and measure their efforts against bribery and corruption.

To a large degree, the components of the standard mirror many of the steps set forth in:

  • The U.S. Foreign Corrupt Practices Act (FCPA)
  • Good Practice Guidance on Internal Controls, Ethics and Compliance (OECD)
  • Anti-Corruption Ethics and Compliance Handbook for Business (OECD)
  • UK Bribery Act 2010
  • The British Ministry of Justice’s Adequate Procedures document
  • The ISO 37001 – Anti-Bribery Management System is certainly one of the most complete set of requirements to build an anti-corruption framework for any kind of business. It certifies that organization has implemented reasonable and proportionate measures to prevent bribery. These measures involve top-level leadership, training, bribery risk assessment, due diligence adequacy, financial and commercial controls, reporting, audit and investigation.

    Corporate/private sector

    Anti-corruption compliance plays a vital role for companies in contracting at a global market trying to expand their business across borders and attract potential investors and business partners for the long term. Such companies are expected to ensure not just the integrity of their own operations but also the conduct of their suppliers, distributors, and agents wherever they may be. That leads to avoidance of high-risk actions that can result in prosecutions and significant fines followed by loss of share value and reputation.

    Public sector organizations

    Public sector organizations play critical roles, often interacting directly with the public they serve. They include utility service providers, license issuing authorities and other regulatory bodies. These are vulnerable areas where authority is concentrated with weak financial positions that must fulfill the needs of both the service provider and its users. Such public sector organizations can benefit from implementation of ISO 37001 to control bribery and corruption for enhancement of their productivity level and play an improved role in the socio-economic development of their country.

    Government departments

    The government is a major stakeholder in socio-economic development of a country, hence it makes laws, regulations, and establishes departments to check and control bribery and corruption. Bribery damages economic growth and creates social problems, including depression, a sense of injustice and deprivation. However, in many developing countries, anti-corruption laws and regulations are either weak or implemented unevenly, providing no results. And government-led steps or campaigns to fight corruption remain ineffective, while bribes continue to be accepted as part of doing business. However, the menace of bribery and corruption can be mitigated through implementing ISO 37001 standard, which provides safeguards within a management system, rather than temporary measures or mere slogans.

    Main Takeaways:

    • The history behind ISO 19600 and ISO 37001
    • The logic of ISO 19600 and ISO 37001
    • How ISO 37001 or ISO 19600 help prevent corruption (in the private and public sector)
    • How ISO 37001 or ISO 9600
    • Build confidence between public and private organization
    • Foster public adhesion to political/administrative decisions
    • Why is ISO 19600 a good start for Public administration

    Speakers corner / Preface to session

    ZEC 2018: In your opinion, what’s the future for ISO 37001 in public sector, especially in local governance and municipalities? Is the politics an obstacle or support for adoption and successful implementation of ISO 37001?

    Philippe: An administration that would be IS0 37001 certified would demonstrate that it has taken appropriate steps to prevent corruption. One of the most distinctive feature of ISO 37001 is that it can be used both by private and public sector. In other word an ISO 37001 certified administration may decide to work mainly with companies that are also ISO 37001 certified. At ETHIC Intelligence, we see a growing number of companies that are willing to be ISO 3700 certified in order to gain competitive advantage when responding for public call for tenders. We also start to see municipalities working to be prepared for certification as they consider this will reinforce public confidence in their management and operations.
    I do not see politics being an obstacle. We have been recently approached by a political party willing to be certified. We have suggest them to work mainly on the ISO 19600 standard which has a broader scope : compliance at large.

    ZEC 2018: From the perspective of risk mapping, what’s the difference in implementing ISO 37001 in public vs. private company?

    Philippe: A company has to address two risks : the risk that an employee offers a bribe for instance to obtain a contract (active corruption) and the fact that an employee accept a bribe to favour a supplier (passive corruption).
    Where companies have two risks of corruption, administration have only one risk to prevent which is passive corruption. Tools to prevent the offering side or the receiving side of bribery are different. Therefore anti-corruption compliance program for municipalities will not be similar to a compliance program implemented by a company, even if the obey to same logic and principles of an Anti-Bribery Management System.

    ZEC 2018: How do you compare ISO 19600 and ISO 37001 in terms of prevention from the corruption?

    First ISO 19600 covers all compliance related issues : anti-bribery, export control, anti-money laundering… whereby ISO 37001 is limited to anti-bribery. It means that if an organization is interested in ISO 19600, it should first decide according which perimeter it wants to be audited. For instance we recently audited a National Electricity Provider for “anti-fraud and anti-bribery compliance” according to ISO 19600. But ISO 19600 can also be limited only to anti-bribery.
    Second, ISO 19600 is a standard based on guidelines whereby ISO 37001 is a standard based on requirements. ISO 19600 allows a third party to audit an organisation with a view to benchmark its compliance system according to guidelines. ISO 37001 allows a third party to audit an organisation with a view to verify whether it complies or not with all the requirements of the standard. In the first case the third party will issue an “audit certificate according to ISO 19600”. In the second case it will issue a “certificate of conformity to ISO 37001”.
    The difference is that an organisation willing to be certified according to ISO 37001 can “fail” because the auditor considers that one requirements is not appropriately fulfilled. An organisation willing to be audited according to ISO 19600 cannot fail, as the auditor will evaluate the organisation according to guidelines, which are often more ambitious than requirements.
    It should be noted that ISO 19600 and ISO 37001 have terms of reference which are based on the same ISO “High Level Structure” . This means that an ISO 19600, whose scope is limited to anti-bribery, has terms of reference which are very similar to the ISO 37001.
    For public administrations who are considering an anti-bribery certification, I recommend to start with an ISO 19600, limited to anti-bribery. As the auditor will be benchmarking the anti-bribery management system, it will be easy for the organisation to assess what might need to be improve in order to be – later on – successfully audited and certified according to ISO 37001.