ISO 37001 requires the organization to implement, in a reasonable and proportionate manner, a series of measures which are designed to help the organization prevent, detect and deal with bribery. The following summarizes the key measures:
a) Implement an anti-bribery policy and supporting anti-bribery procedures (the ABMS).
b) Appoint a person with responsibility for overseeing anti-bribery compliance by the organization (compliance function). This person can be full-time or part-time, depending on the size of the organization, and can combine this responsibility with other responsibilities.
c) Ensure that responsibilities for ensuring compliance with the anti-bribery policy and ABMS are effectively allocated and communicated throughout the organization.
d) Ensure that the organization’s top management has overall responsibility for the implementation and effectiveness of the anti-bribery policy and ABMS, and provides the appropriate commitment and leadership in this regard.
e) Ensure that controls are in place over the making of decisions in relation to more than low bribery risk transactions. The decision process and the level of authority of the decision-maker(s) must be appropriate to the level of bribery risk and be free of actual or potential conflicts of interest.
f) Provide appropriate anti-bribery training and/or guidance to personnel on the anti-bribery policy and ABMS.
g) Implement appropriate vetting and controls over the organization’s personnel designed to ensure that they are competent, will comply with the anti-bribery policy and ABMS, and can be disciplined if they do not comply.
h) Ensure that resources (personnel, equipment and financial) are made available as necessary for the effective implementation of the ABMS.
i) Produce and retain appropriate documentation in relation to the design and implementation of the anti-bribery policy and ABMS.
j) Undertake periodic bribery risk assessments and appropriate due diligence on transactions and business associates.
k) Implement appropriate financial controls to reduce bribery risk.
l) Ensure that all other organizations over which it has control implement anti-bribery measures which are reasonable and proportionate to the nature and extent of the bribery risks which the controlled organization faces.
m) Implement appropriate procurement, commercial and other non-financial controls to reduce bribery risk.
n) Require, where it is practicable to do so and would help mitigate the bribery risk, any business associate which poses more than a low bribery risk to the organization to implement anti-bribery controls which manage the relevant bribery risk.
o) Implement controls over gifts, hospitality, donations and similar benefits to prevent them from being used for bribery purposes.
p) Ensure, where practicable, that appropriate anti-bribery commitments are obtained from business associates which pose more than a low bribery risk to the organization.
q) Ensure that the organization does not participate in, or withdraws from, any transaction where it cannot appropriately manage the bribery risk.
r) Implement reporting (whistle-blowing) procedures which encourage and enable persons to report suspected bribery, or any violation of or weakness in the ABMS, to the compliance function or to appropriate personnel.
s) Implement procedures to investigate and deal appropriately with any suspected or actual bribery or violation of the ABMS.
t) Monitor, measure and evaluate the effectiveness of the ABMS procedures.
u) Undertake internal audits at planned intervals which assess whether the ABMS conforms to the requirements of ISO 37001 and is being effectively implemented.
v) Undertake periodic reviews of the effectiveness of the ABMS by the compliance function and top management.
w) Rectify any identified problem with the ABMS, and improve the ABMS as necessary.
ISO 37001 has an Annex which contains guidance to help an organization implement an anti-bribery programme.