Search

Editors

Harry Cassin Publisher and Editor

Andy Spalding Senior Editor

Jessica Tillipman Senior Editor

Richard L. Cassin Editor at Large

Elizabeth K. Spahn Editor Emeritus 

Cody Worthington Contributing Editor

Julie DiMauro Contributing Editor

Thomas Fox Contributing Editor

Marc Alain Bohn Contributing Editor

Bill Waite Contributing Editor

Shruti J. Shah Contributing Editor

Russell A. Stamets Contributing Editor

Richard Bistrong Contributing Editor 

Eric Carlson Contributing Editor

Bill Steinman Contributing Editor

Aarti Maharaj Contributing Editor


FCPA Blog Daily News

« China healthcare compliance is still a ‘donations’ minefield | Main | Hawaii businessman pleads guilty to FCPA offense »
Wednesday
Feb132019

Three predictions for the future of ISO 37001

2018 was an eventful year in ISO 37001’s adoption journey. The anti-bribery standard’s flexibility was demonstrated through a variety of first-time (for ISO 37001) public and private sector uses.

The Brazilian and Danish prosecutors’ use of ISO 37001 in bribery settlement agreements, and the Korean Pharmaceutical and Bio-Pharma Manufacturers Association assistance to its 194 members with a phased ISO 37001 adoption approach, for example. 

 Brazil, Italy and Peru lead in terms of the number of certified ISO 37001 organizations. The United States, as is normal with ISO standard adoption, has been slower to appreciate ISO 37001’s value.

What to expect concerning ISO 37001 adoption and evolution in 2019?

This question was posed to senior executives within the community that best knows the world of standard certifications (some have been in the field for over a hundred years) -- the accredited certifying bodies (CBs) that are performing ISO 37001 anti-bribery management systems audits on a global basis.

The CBs’ predictions and themes for this year?

1. Organizations will better understand the symbiotic relationship between ISO 27001 (Information Security Management Systems) and ISO 37001

Bruno Samuel, Executive Director, Sales & Marketing, North America for DNV-GL highlights ISO 37001’s particular value for organizations that have adopted other ISO management system standards. “ISO 37001 uses the same structure for implementation as certain other ISO standards, such as Information Security Management Systems -- ISO 27001 or ISO 9001 -- Quality Management Saystems. This feature allows organizations to easily leverage the work done in other areas and implement an Anti-Bribery Management System which can encompass the entire organization and integrates with other management systems.”

Observation: As with 2018, many U.S. corporate Boards in 2019 will apply priority oversight to two organizational risk management areas: anti-bribery and cybersecurity. ISO 27001 certification demand has dramatically increased in recent years, particularly in the government contracting, manufacturing, IT and professional services sectors -- as one indicia of cyber preparedness. Boards (and management teams) of companies that are ISO 27001, ISO 14001 (Environmental Management Systems) or 9001-certified can use the same familiar ISO management system structural “lens” to review and manage anti-bribery activities by adopting ISO 37001. 

2. ISO 37001 will become recognized as a tool for stabilizing partner ecosystems

Scott Lane, President at ETHIC Intelligence notes “if organizations can push down certification requirements to their partners, they can pass the costs (and time) associated with screening third parties to the third parties themselves. This will make third parties responsible for representing their commitment to anti-bribery, as a pre-requisite for working with reputable organizations.”

David Muil, VP of Global Business Development, Business Assurance at Intertek adds: “Given the nature of what is happening in the industry and things that are coming to light with risk mitigation and brand protection, you are going to see this become a contractual requirement of doing business from organizations. The industry is already seeing it now with governments in some parts of the world who have mandated on their RFQs that you must be compliant to the intent of ISO 37001.”

Observation: For cost and general bribery risk management reasons, expect this “shifting” trend to continue in 2019.

For companies, this practice is particularly attractive to those with global operations and a large supplier base.

In the public sector, this activity may offer advantages to governmental organizations within countries farther down the TI CPI Index (e.g. lesser-developed countries with abundant natural resource holdings) -- making relative improvements to a project anti-bribery environment through enlisting commercial partner commitment to ISO 37001.

3. The public sector will continue to creatively influence the standard’s adoption 

The global public sector creatively embraced ISO 37001 in 2018. “Soft” forms of adoption were used in Indonesia, Malaysia, Singapore and Peru; governmental entities in those countries officially recognized the standard and encouraged its adoption. Brazil, Denmark and Singapore used “hard” forms: ISO 37001 certification was required by prosecutors as a condition of bribery allegation settlement.

For governmental entities that are within countries or regions with historically high bribery risk, using ISO 37001 provides distinct advantages. It allows them to project the power of ISO -- the globally- respected standards body -- and its bribery management system, incorporating both applicable law and leading global anti-bribery practices and procedures.

And as noted by the General Counsel of ISO 37001-certified Alstom, Pierrick Le Goff in ICC Netherlands’ “Integrity” publication, "[i]n a globalized economy, the ISO 37001 certification can provide a standardized tool for public bodies to assess the quality of the anti-bribery programs of their bidders."

Observation: For classic “standardization advantage” reasons -- e.g. efficiency, quality, cost-savings, certainty -- and building on the momentum from 2018, the public sector will continue to play a significant, if not driving,  role in ISO 37001’s evolution in 2019 and beyond. Over time, certain public sector “suggestions” in some locales and/or sectors may evolve into “recommendations” before finally becoming “requirements.”

 _____

Worth MacMurray, pictured above, was formerly general counsel of several public IT companies, a leader within PwC’s DC anti-corruption office and is now Principal at Governance & Compliance Initiatives. He is PECB Certified as both an ISO 37001 Lead Auditor and ISO 37001 Lead Implementer. He can be contacted here.

Reader Comments (1)

Worth – We all share an interest in promoting effective anti-bribery compliance systems, and if ISO 37001 does that, it is a good thing. But I hope that there is also serious consideration of some of the serious issues surrounding the standard and its associated processes. For example, the standard allows companies to outsource their entire compliance program; for anyone who has done compliance work this is simply wrong. It also fails to require that there be a top manager or executive officer as a compliance officer (full or part time); also a wrong direction. Certification is not as positive a process as it should be, given that this standard is not dealing with simple corporate processes, but with prevention of criminal activity. Having larger companies and government purchasers promote compliance programs down the supply line is a good idea, but there is a serious risk that this can become a box ticking exercise and excuse for bigger companies not to do the appropriate due diligence on their suppliers. I have no doubt that if companies picked a certification auditor who was diligent and had extensive experience dealing with bribery (like some of those I have interviewed) to conduct their reviews they would have to meet a tough standard, but I have major doubts that all of those offering to do certification reviews will be anywhere near that level of diligence.

In an extensive analysis I have tried to review both the pros and cons associated with ISO 37001. See Joseph E. Murphy, The ISO 37001 anti-corruption compliance program standard: What’s good, what’s bad, and why it matters (2019) http://tinyurl.com/y6yf8myc (posted on the publicly-available SSRN).
Before companies and governments adopt the standard and certification it is worth asking some of the difficult questions that arise from the way it is drafted and the way the processes operate. Maybe in the case of fighting bribery, ISO’s usual approaches should be re-considered.

Regards, Joe Murphy, CCEP
February 13, 2019 | Unregistered CommenterJoe Murphy
Comments for this entry have been disabled. Additional comments may not be added to this entry at this time.