According to ISO’s most recent 2021 survey, ISO 37001 is becoming one of the most widely certified ISO management system standards. In 2022, there was noticeable anti-bribery management systems standard activity in certain sectors and geographies.
Oil and Gas Sector – Maritime Services. Several key participants will attain certification in Q1 2023 – from 2022 audit activities. Certain global energy company “majors” began communicating the benefits of the standard to their respective supply chains – which is being read by many business partners as “we need to do it.” A primary sector driver appeared to be the operating efficiency theme – a realization that 37001’s “speaking a common language” benefit eliminates the time and cost of negotiating bespoke anti-bribery terms and conditions. Sector RFP language requiring 37001 certification (either in place or in process) started to appear.
U.S. Activity. The gaming, luxury goods, construction, and government contracts sectors all saw activity – in addition to oil and gas services. This U.S. uptick was noticeable, but Europe (Italy, Spain, Greece, and Slovakia), Asia (Indonesia, Malaysia, Singapore, and South Korea), and Latin America (Peru, Mexico, Brazil, and Ecuador) still dominate in 37001 certifications.
From audits over several years, and particularly in 2022, several 37001 certification audit trends have become apparent:
DOJ’s Testing Priority. During 2022, senior DOJ representatives publicly and consistently emphasized the importance of program testing. 37001 can be one such effective testing technique. Several certification clients tested their mature ABAC programs (based on legal standards) by seeking 37001 (business standard) certification. The results? Control gaps were identified and resolved. Management teams became more integrated (and willingly) into anti-bribery oversight and participatory activities – because they now saw an understandable business approach to what had been a set of opaque legal requirements. From a personal perspective, the best part was seeing CCO “a ha moments” as they gained new operational insights.
ISO Management System Experience. Companies that are already ISO 9001 (Quality), ISO 14001 (Environment) and ISO 27001 (Info security) familiar have an easier time with the anti-bribery management system certification process. They understand and are, therefore, better able to apply the shared ISO management system approach of each of these standards to required controls, planning activities, documentation, and oversight. Organizations considering 37001 certification or alignment benefit from including colleagues with ISO management system expertise in their planning and implementation of the standard.
Begin at the beginning. Companies not already familiar with an ISO management system often try to tweak their ABAC programs to achieve 37001 certification, assuming that minor program changes will satisfy management system requirements. At best, this approach is problematic because controls are invariably missed. At worst, it can result in major non-conformance audit findings, and related delays, additional costs, and misunderstandings. The better approach is for CCOs to start with an anti-bribery management system (ABMS) clean slate, map the requirements from the existing program to the ABMS, and thereby both identify system gaps and learn the ISO approach in the process.
2023 Early Indicators. In the 37001 space during 2023, look for public announcements and continued interest from the global oil and gas sector; targeted Ukraine-related activity – preparing for eventual massive infrastructure rebuilding and financial aid flows; and continued recognition in various sectors (not just oil and gas) of 37001’s singular anti-bribery “common language” benefit.
The author would like to thank Anthony Mason of Parola (UK) who graciously contributed to this article.