2018 was an eventful year in ISO 37001’s adoption journey. The anti-bribery standard’s flexibility was demonstrated through a variety of first-time (for ISO 37001) public and private sector uses.
The Brazilian and Danish prosecutors’ use of ISO 37001 in bribery settlement agreements, and the Korean Pharmaceutical and Bio-Pharma Manufacturers Association assistance to its 194 members with a phased ISO 37001 adoption approach, for example.
Brazil, Italy and Peru lead in terms of the number of certified ISO 37001 organizations. The United States, as is normal with ISO standard adoption, has been slower to appreciate ISO 37001’s value.
What to expect concerning ISO 37001 adoption and evolution in 2019?
This question was posed to senior executives within the community that best knows the world of standard certifications (some have been in the field for over a hundred years) — the accredited certifying bodies (CBs) that are performing ISO 37001 anti-bribery management systems audits on a global basis.
The CBs’ predictions and themes for this year?
1. Organizations will better understand the symbiotic relationship between ISO 27001 (Information Security Management Systems) and ISO 37001
Bruno Samuel, Executive Director, Sales & Marketing, North America for DNV-GL highlights ISO 37001’s particular value for organizations that have adopted other ISO management system standards. “ISO 37001 uses the same structure for implementation as certain other ISO standards, such as Information Security Management Systems — ISO 27001 or ISO 9001 — Quality Management Saystems. This feature allows organizations to easily leverage the work done in other areas and implement an Anti-Bribery Management System which can encompass the entire organization and integrates with other management systems.”
Observation: As with 2018, many U.S. corporate Boards in 2019 will apply priority oversight to two organizational risk management areas: anti-bribery and cybersecurity. ISO 27001 certification demand has dramatically increased in recent years, particularly in the government contracting, manufacturing, IT and professional services sectors — as one indicia of cyber preparedness. Boards (and management teams) of companies that are ISO 27001, ISO 14001 (Environmental Management Systems) or 9001-certified can use the same familiar ISO management system structural “lens” to review and manage anti-bribery activities by adopting ISO 37001.
2. ISO 37001 will become recognized as a tool for stabilizing partner ecosystems
Scott Lane, President at ETHIC Intelligence notes “if organizations can push down certification requirements to their partners, they can pass the costs (and time) associated with screening third parties to the third parties themselves. This will make third parties responsible for representing their commitment to anti-bribery, as a pre-requisite for working with reputable organizations.”
David Muil, VP of Global Business Development, Business Assurance at Intertek adds: “Given the nature of what is happening in the industry and things that are coming to light with risk mitigation and brand protection, you are going to see this become a contractual requirement of doing business from organizations. The industry is already seeing it now with governments in some parts of the world who have mandated on their RFQs that you must be compliant to the intent of ISO 37001.”
Observation: For cost and general bribery risk management reasons, expect this “shifting” trend to continue in 2019.
For companies, this practice is particularly attractive to those with global operations and a large supplier base.
In the public sector, this activity may offer advantages to governmental organizations within countries farther down the TI CPI Index (e.g. lesser-developed countries with abundant natural resource holdings) — making relative improvements to a project anti-bribery environment through enlisting commercial partner commitment to ISO 37001.
3. The public sector will continue to creatively influence the standard’s adoption
The global public sector creatively embraced ISO 37001 in 2018. “Soft” forms of adoption were used in Indonesia, Malaysia, Singapore and Peru; governmental entities in those countries officially recognized the standard and encouraged its adoption. Brazil, Denmark and Singapore used “hard” forms: ISO 37001 certification was required by prosecutors as a condition of bribery allegation settlement.
For governmental entities that are within countries or regions with historically high bribery risk, using ISO 37001 provides distinct advantages. It allows them to project the power of ISO — the globally- respected standards body — and its bribery management system, incorporating both applicable law and leading global anti-bribery practices and procedures.
And as noted by the General Counsel of ISO 37001-certified Alstom, Pierrick Le Goff in ICC Netherlands’ “Integrity” publication, “[i]n a globalized economy, the ISO 37001 certification can provide a standardized tool for public bodies to assess the quality of the anti-bribery programs of their bidders.”
Observation: For classic “standardization advantage” reasons — e.g. efficiency, quality, cost-savings, certainty — and building on the momentum from 2018, the public sector will continue to play a significant, if not driving, role in ISO 37001’s evolution in 2019 and beyond. Over time, certain public sector “suggestions” in some locales and/or sectors may evolve into “recommendations” before finally becoming “requirements.”
Worth MacMurray, pictured above, was formerly general counsel of several public IT companies, a leader within PwC’s DC anti-corruption office and is now Principal at Governance & Compliance Initiatives. He is PECB Certified as both an ISO 37001 Lead Auditor and ISO 37001 Lead Implementer. He can be contacted here.