ISO 37001 is an International standard for organisation’s to reduce bribery and corruption. The number one focus of it is to address bribery by the organisation, its personnel as well as business associates.
It addresses only bribery – not other forms of corruption or fraud. It endeavours to apply to any organization. So, who should implement it?
The standard is designed for organizations of all sizes and provides a set of guidelines that are consistent with best practices used by multinationals.
So, ISO 37001 should be at least considered by any company that conducts business outside of Australia, regardless of size and industry. The standard has been carefully designed for broad application and to be used either on its own or in conjunction with existing management systems. Because it is widely known, then adopting it publicly can help assure customers and business partners that a solid anti-bribery system in place. It can also reduce your liability if bribery happens involving an employee, contractor, or associate.
Because of its broad application and the fact that it is designed to assist a company establish their own policies, it can be adopted by companies of all types. It adds an air of neutrality that might not be visible if only applying Australian standards or, worse, if applying U.S. standards because they seem to be more reasonable.
So, why would you not want to do it?
First of all, the ISO guidance tells you to apply different levels of due diligence to different types of business associates, but gives no advice as to how. This is a large hole in the standard that may require input from other sources – and may cause issues if a third party decides to use it as an audit standard, or even for internal audits.
Also, implementing ISO 37001 may result in the need to change existing practices however this is less likely to be a concern for Australian companies, but more likely if you operate across multiple jurisdictions. The very people who need an international standard the most are likely to be the ones having the most problems implementing it across their various divisions.
On the other hand, it may help with compliance with certain Australian regulations. For example, it may help with the requirement to have “proper compliance controls and procedures” to avoid being charged under proposed laws that create a new offense of simply allowing foreign bribery. This law would put businesses on the hook if an employee attempts to bribe a foreign public official – and will make it vital for Australian businesses operating overseas to have good policies and training in place. As a recognized international standard, ISO 37001 may help with this. This means thatISO 37001 may, in fact, be the easiest way for Australian businesses who operate or do a lot of business overseas, and for foreign businesses with a strong Australian presence to implement the kind of anti-bribery systems needed to protect them from the impact of this law.
if you already have a system which works which is further away from the standard, especially if you only do domestic business, then implementing the standard may be more work than is strictly needed.
The takeaway is that all companies which do business outside Australia should look over the new ISO 37001 standard and determine whether adopting it is a good idea for them – and with the way the laws are moving, it is likely to be good for almost all companies involved in foreign trade.