The International Standards Organisation will this month issue a new standard that organisations and companies can use to certify their anti-bribery and corruption compliance procedures.
ISO 37001 has been agreed by standards bodies in 37 participating countries. These include the UK and US, whose anti-bribery and corruption legislation is already considered world-leading, but also countries such as Iraq, China, Cameroon, Brazil and India. The standard has been designed to comply with the relevant anti-bribery legal requirements in all of these countries.
For a company or institution to be ISO 37001-certified, it must implement a number of specific compliance measures. These requirements are along similar lines to guidance published by enforcement agencies in the US and the UK. For example, companies should implement an anti-bribery policy and programme, use due diligence to assess bribery risks, and put in place a process to deal with evidence of bribery.
A key principle behind the ISO 37001 is that the level of due diligence carried out on a particular entity should be adjusted depending on the perceived level of risk of corruption. This allows a company to judge what is "reasonable and proportionate", noting that "different types of business associates are likely to require different levels of due diligence".
So a low-risk company might only require minimal screening, while a company operating in a country or sector with a reputation for bribery should receive a high level of scrutiny. This is a practical approach which should encourage companies to improve their compliance procedures because it keeps costs of compliance down.
Even though so many international standards bodies have signed up to the ISO 37001, the certification will not mean that companies automatically avoid prosecution if they are found guilty of financial crime. The Monaco-based company Unaoil is currently under investigation by authorities in the US, UK and Australia for allegations of bribery to secure billions of dollars of government contracts in the Middle East and Africa. Yet Unaoil had been certified as a member of the anti-bribery accreditation agency Trace International every year since 2006. According to a report by Fairfax Media and the Huffington Post, Unaoil obtained false references from clients to convince Trace International that its activities were above board. The report says that the Trace certification "helped Unaoil pass the due diligence tests of Rollys Royce, Kellogg Brown & Root, Weir, Sulzer, Petrofac and MAN Turbo".
The clear lesson for companies is that simply putting in place anti-bribery and corruption measures is not enough: senior managers must be genuinely committed to the principle of compliance. There are good reasons to install a compliance culture. Not only does conviction for financial crime usually carry a heavy fine, but it also damages a company's reputation in the media, which can in turn affect its share price. Compliance can also help a business to grow. A report by MLex in March showed how Siemens built a culture of compliance which is now recognised as a positive growth enabler within the business.
If a company does put in place the measures required by the ISO 37001, and instils a culture of compliance from the top down, corruption is less likely to take place. While if it does take place, the compliance programme it will have in place could well lead to a reduced punishment from enforcement agencies. So the introduction of the ISO 37001 gives companies even less excuse for not taking financial crime seriously.