In October 2016 the International Standards Organisation issued the ISO 37001, a new standard that organisations and companies can use to certify their anti-bribery and corruption compliance procedures. Six months on, the standard has been adopted by variety of companies and organisations in many countries.
The ISO 37001 was agreed by standards bodies in 37 countries and it is already being promoted by many countries across the world. This month, Peru became the first Latin American country to implement the standard. One reason given for this is that in 2015 the country lost nearly $4 billion because of misappropriation of public funds, bribery and other types of corruption. The government of Montreal in Canada has appointed someone to analyse and propose how to apply the principles of the ISO 37001 to the city. Earlier this month, Singapore's Corrupt Practices Investigation Bureau (CPIB) launched the Singapore Standard, which is based on the ISO 37001. The standard has also been widely adopted in the Middle East and North Africa. Colin Keeney of Deloitte notes that six of the 37 countries involved in crafting the standard came from this region.
The number of companies adopting the standard looks set to continue to increase over the next year. In January, Compliance Week magazine found that 56% of business surveyed plan to begin the process of certification in the next year. This rising demand is shown by the fact that courses to teach firms how to implement the standard have already been set up in France, Dubai, Singapore and Canada. A five-day course at the École de technologie supérieure (ETS) in Montreal is taught by two former directors of the police force for the province of Quebec. It has also been reported that several companies have begun to pursue ISO 37001 certification after they faced enforcement action for bribery offences.
The ISO 37001 is intended to be a flexible standard that can be used by different types of entities of varying sizes. It requires organisations to implement "reasonable and proportionate policies, procedures and controls", so a company with a long list of suppliers, or which operates in an industry or country with a high risk of corruption, should invest more heavily in their compliance programme.
So far, the standard has lived up to this intention. It has been implemented by public bodies in countries like Peru and Singapore and by large, small and medium-sized companies. It is even being used to improve anti-bribery and corruption systems in sport, having been applied by the Finnish Centre for Integrity in Sport. Given the growing pressure on international sports organisations to root out bribery and corruption, there have been calls for other sporting bodies to seek ISO certification in the future.
The first six months of the ISO 37001 have proved that it is not simply a way for a company to avoid prosecution if it is found guilty of financial crime. One of the first companies to obtain the certification was the Italian multinational oil and gas firm Eni. Less than two weeks later, its CEO was arrested on bribery and corruption charges. So companies must use ISO 37001 certification as a way to genuinely improve their ability to prevent and detect bribery and corruption.
The jury is still out on the effectiveness of the standard. Firstly, it will depend on how widely it is adopted. If a majority of companies in a particular industry are ISO 37001 certified, others will come under pressure from shareholders to do the same thing. Otherwise a rival, certified firm will be seen as more trustworthy and therefore a better prospect to invest in. Secondly, the standard will be more effective if governments require companies to be certified in order to be eligible for public procurement contracts. In Peru, state ministries can determine whether the ISO 37001 is required for companies to win public contracts. Only time will tell if these things happen.