ISO 37001 is an international standard focused on anti-bribery management systems. Published in 2016, it specifies requirements and provides guidance for establishing, implementing, maintaining, reviewing, and improving an anti-bribery management system. The system can be standalone or integrated into an organization’s existing management systems, such as ISO 9001 or ISO 14001. Its primary goal is to help organizations prevent, detect, and respond to bribery while complying with applicable anti-bribery laws and voluntary commitments.

Applicability and scope

• ISO 37001 is applicable to all organizations, regardless of size, sector (public, private, or not-for-profit), or geographical location.
• It specifically addresses bribery in various forms:
  • Bribery by or of the organization, its personnel, or its business associates.
  • Direct and indirect bribery, including bribery conducted through third parties.
• The standard does not directly address broader corrupt practices like fraud, cartels, money laundering, or other anti-competition offenses, although organizations may choose to extend the scope of their anti-bribery management system to include these activities.

Key requirements

Organizations implementing ISO 37001 must:

1. Establish anti-bribery policies: Develop and communicate a clear anti-bribery policy outlining the organization’s commitment to combating bribery.
2. Conduct risk assessments: Identify and assess bribery risks relevant to their operations, projects, and business relationships.
3. Implement controls and procedures:
   • Perform due diligence on business associates and transactions.
   • Establish financial and non-financial controls to mitigate bribery risks.
   • Institute reporting and investigation procedures for suspected bribery incidents.
4. Appoint an anti-bribery compliance officer: Assign responsibility for overseeing the anti-bribery management system to a designated individual or team.
5. Provide training and awareness: Educate employees and business partners about anti-bribery policies, procedures, and legal requirements.
6. Regular monitoring and auditing: Conduct audits and reviews to ensure compliance and identify areas for improvement.
7. Take corrective actions: Address nonconformities and improve the system based on findings from audits, risk assessments, or bribery incidents.

Recent updates

The 2024 amendment (ISO 37001:2016/Amd 1:2024) introduced requirements for organizations to consider whether climate change is a relevant issue in their anti-bribery system. This addition highlights the evolving focus of standards to address broader governance and sustainability concerns.

Benefits

Adopting ISO 37001 offers several advantages:

• Demonstrates a strong commitment to ethical business practices, enhancing credibility and trust with stakeholders.
• Helps organizations comply with anti-bribery laws and international agreements, such as the OECD Anti-Bribery Convention and the UN Convention against Corruption.
• Reduces bribery-related risks, protecting the organization’s reputation and financial stability.
• Encourages a culture of integrity, transparency, and compliance within the organization.

Additional notes

• ISO 37001 follows the "High-Level Structure" (HLS) used in other ISO management system standards, making it easier for organizations to integrate it with systems like ISO 9001 (Quality Management) and ISO 14001 (Environmental Management).
• While compliance with ISO 37001 demonstrates robust anti-bribery practices, it cannot guarantee that bribery will not occur. The standard focuses on implementing reasonable and proportionate measures based on the organization’s bribery risk profile.

For further details, visit the official International Organization for Standardization (ISO) page about ISO 37001 - Anti-Bribery Management Systems.