Last year (2016), the International Organization for Standardization (ISO) published a new standard that allows organizations and companies to certify their compliance measures against bribery and corruption.
ISO 37001 has been confirmed by the national standardization organizations of the 37 participating countries. These include, for example, the UK and the US, whose legislation on the prevention of bribery and corruption is already world-leading, but also countries like Iraq, China, Cameroon, Brazil and India. The standard has been designed to fit the relevant bribery prevention laws of all these countries.
For a company or institution to be ISO 37001-certified, a number of compliance measures must be taken. The requirements are consistent with similar directives published by the executive authorities in Great Britain and the USA. For example, companies should implement anti-bribery strategies and programs, assess bribery risks through due diligence, and introduce a process to properly deal with proven bribery.
Focus on different types of risk
One of the most important principles of ISO 37001 is that the extent of due diligence applied to specific entities should be adapted to the assessed corruption risk of each. This allows companies to decide what is appropriate. Different types of business partners generally also require different types of due diligence.
Thus, for a low-risk company, a minimal review might be sufficient, while a company active in a country or industry with a high risk of bribery would require a high degree of review. This practical approach is intended to encourage companies to improve their compliance processes, because the adjustments can keep compliance costs low.