ISO37001 update: Revisiting the global standard for anti-bribery and corruption compliance with Jean-Pierre Mean
11 May 2020 9:02 am by Mark Dunn
With COVID-19 threatening economies and healthcare systems around the world, governments and businesses are being scrutinised for how they respond. Those who fail to demonstrate ethics and integrity are being exposed in the media. They can expect to lose the support of customers, employees and third parties, and ultimately risk going out of business. The ISO37001, a global standard introduced in 2016, allows companies to demonstrate ethics and integrity through their commitment to tackling bribery and corruption. We spoke to Jean-Pierre Mean, an anti-corruption lawyer who has played a leading role in the development and implementation of the standard.
What has your role been as the standard has developed?
I am working with the German accreditation body and participating in accreditation audits to decide if an organisation should be certified. This includes an audit of how it is organised, how it makes sure that information remains confidential, impartiality and things like this. If a company passes this audit, there is then a witness audit. I participate in both audits as an anti-corruption expert together with an evaluator from the accreditation body.
I am also the convenor (chair) of a working group of the ISO’s technical committee on governance, which looks at anti-bribery management systems. All ISO standards are reviewed after five years, but we are already starting to prepare this review [which is due in 2021].
How has the uptake of ISO 37001 been and how has it been received by companies?
There is a lot of interest worldwide with around 300 certifications by accreditation bodies that have been accredited by ISO, and more by non-accredited certifiers. Some of the biggest companies to be certified are UBS, who are certified worldwide, and Microsoft, who have two companies accredited in Romania and Hungary. In the certifications I have been involved in, companies recognised that what the standard required is really best practice. I have not experienced a company saying the requirements are not realisable.
Why do companies want to be certified?
There are different motivations. Some have had problems with corruption and want to be sure they have a solid system against corruption, both for themselves and to demonstrate to the world that they have cleaned up their act.
Another motivation is that certain organisations or even public administrations require companies to be certified. Certain African countries have wanted their finance departments certified so that they can show that they are not as corrupt as people may think. The Central Bank of Morocco wanted to demonstrate to partners and governments that they were implementing state-of-the-art anti-corruption measures.
Some governments are requiring or are going to require companies to be certified to take part in public works. Malaysia has a lot of certification for this reason. Malaysia is in the middle of the most immense corruption case involving the former Prime Minister, which has triggered a whole movement against corruption.
Tell us about the sizes, industries, and regions of organisations looking to be certified?
I have seen companies of all sizes, from huge companies like UBS and Microsoft to much smaller companies, like a small subsidiary company in the IT sector. All large companies that are active internationally should want to be certified, especially in sectors where they have contact with the public administration. But I have also seen a very good process for an IT company, even though their exposure to corruption is not huge. There have been several companies from Europe and North America, and also large interest from Malaysia.
Have companies seen benefits from implementing the standard?
It is too soon to say. I think the companies I have seen being certified are happy with the standard. In one case there was some tension because a company had appointed their head of marketing as their anti-corruption compliance officer. A person involved in acquiring clients is much more likely to turn a blind eye to corruption so we said they could not be certified. At first, they were not too happy, but they got an opinion from a professor who told them this is quite right. So, they accepted this, and it was an important decision which would not have been picked up if they had not gone through the process.
Have applicants been declined certification?
I have experienced one instance where this happened—it was a city and surrounding region that wanted to be certified and it was difficult because of the politics. The problem was not with corruption but implementing the structure in a political body. You have to have an anti-corruption lead with a certain authority which is a problem in a political structure because of whom that person should report to.
Moving to anti-bribery and corruption more generally, what do you think has been the effect of recent anti-bribery and corruption legislation?
Sapin II has changed the political landscape in France. The reason for Sapin II was that French companies had been prosecuted in the US, so the French said we’d rather have our own system so that we can say to the Americans when they want to prosecute a French company, ‘we can do it ourselves’. I think it has had an impact.
What about more broadly?
The origin of all these anti-corruption movements is the OECD Convention, which started in 1997 and is being revisited now. In 2000 there were no bribery cases, but now you have these huge cases like [Operation Carwash] in Brazil. This is a complete revolution. It’s not only in Brazil, it’s in Peru and Argentina and across South America. I think it is no longer possible for companies to do business as before and there has been a change of climate. In the last few years, we can see that corruption has become the focus in many countries.
Even in China, they have been quite interested in the development of the standard. They have invited and hosted a conference and a meeting on the standard in Shenzhen. When you talk to the people there, they understand what the problem is, so this has been a change of attitude.
What impact has this had on companies?
Large companies are quite aware that they cannot tolerate corrupt practices anymore. In the past, bribery was nearly a business model in some companies and now it is no longer the case