By: Astrid Dominguez and María Teresa Estrada
Summary:
Bribery risk can be managed within any company through the proper implementation of ISO 37001. The general measures of this standard include financial and commercial controls, risk assessment, and due diligence on projects and business partners, among others, as well as specific steps through which adequate delegation and monitoring are achieved. The implementation of this ISO standard represents a competitive advantage that generates confidence in the company’s owners, investors and customers.
Content:
Any company’s compliance program is composed of various pillars and elements, but the effectiveness and success of its implementation depend largely on a true corporate commitment to abide by ethical standards, compliance culture and integrity. This serves to identify the risks to which the organization is exposed so that the necessary prevention and control measures can be adopted, as well as to control the work processes and associated tasks and to know the rules and regulations applicable to the company.
One of the points at which the company's corporate social responsibility and regulatory compliance acquire special relevance is the prevention of acts of corruption, such as bribery. The Dictionary of the Royal Spanish Academy defines the term “Bribery” as the act by which a person gives money or gifts to someone to get something illegally. Complementing that definition, the International Organization for Standardization (hereinafter “ISO” for its acronym in English) defines bribery as: the offer, promise, giving, acceptance or solicitation of an undue advantage of any value (which may be of a financial or non-financial nature), directly or indirectly, and regardless of its location, in violation of applicable law, as an inducement or reward to a person to act or refrain from acting in relation to the performance of that person’s duties[1].
Thus, bribery is not a phenomenon alien to the private sector, and a company's involvement in this type of action implies damage to its reputation and profitability, without prejudice to the economic consequences that may result from the commission of these acts and to other criminal liabilities.
In view of the above, a useful way to manage this risk is through ISO 37001, which aims to establish an anti-bribery management system made up of the measures that the company must adopt to prevent bribery practices, whether committed directly or indirectly by any member of the organization, regardless of position, and whether they involve a benefit for that person or for the organization.
The main measures included in the adoption of this system of voluntary standards include: the application of financial and commercial controls, risk assessment and due diligence on projects and business partners, adoption of an anti-bribery policy, reporting and investigation procedures and the appointment of a person in charge of supervising the correct operation. It should be noted that the above measures require the commitment of the company’s senior management, as well as the implementation of controls in situations of bribery risks and the awareness, training and dissemination of information to all members of the organization.
Having addressed this issue, the first step in implementing an anti-bribery management system, according to ISO 37001, is to analyze, identify and assess the risks to which the company is exposed. To do so, it is necessary to know the context of the organization in terms of its structure, size and legal obligations, and to understand the needs of the entity, in order to determine the scope of the anti-bribery management system.
As a second step, the leadership and commitment of senior management are of utmost importance in order to approve the anti-bribery policies to be implemented and to provide adequate resources for their proper execution. It is also important that measures be put in place to ensure that no member of the company will suffer retaliation for reporting the alleged commission of an act of bribery. Therefore, senior management should identify and take measures to control conflicts of interest and periodically review the decision-making process in relation to the risk posed to the company.
Now, when planning actions to prevent bribery in the company, actions and objectives must be implemented. For example, the actions must be concrete, so as to prevent, detect and respond to the processes implemented in the company to prevent bribery, and the objectives must be measurable, achievable and related to the context of the organization. Thus, once the concrete actions and objectives have been identified, the planning should establish who will be responsible for managing the policy, what to do to prevent and manage the risk, the resources that will be needed and how to evaluate and communicate the results.
With regard to support and back-up, care must be taken to ensure that, when the system is implemented, all possible human, physical and financial resources are available, as well as to determine the general competence to verify the levels, procedures for receiving disciplinary measures, protecting and encouraging complaints and the correct implementation of due diligence. Likewise, it is important that the policy be properly communicated, adapted to each role and to the risks to which each position within the company is exposed, including a record of receipt.
As a next step, the ISO standard places special emphasis on the operation of the anti-bribery management system, establishing minimum controls for planning, implementing, reviewing and controlling the processes necessary to meet the requirements of the anti-bribery management system. In other words, the controls that the organization will have to prevent bribery, the information channels, the investigation process, the documentation of the information and the due diligence that will be necessary to apply must be defined.
In relation to anti-bribery controls, it is important that the organization delimit the activities related to the organization and not implement those controls that tend to prevent the overall risk; that is, it cannot be required to implement controls when the company does not have a sufficient degree of influence over a supplier or customer. Thus, the company must implement the procedure aimed at preventing the offer, provision and acceptance of benefits when they may be perceived as bribes.
Finally, performance evaluation and improvement are important factors that the ISO standard introduces in the implementation of the anti-bribery management system, since it is important that there can be monitoring, measurement and analysis of the methods used by the company and thus identify and evaluate the processes where there is a higher risk of bribery, in order to identify and implement those actions for continuous improvement.
Therefore, the implementation of the ISO 37001 anti-bribery management system provides the company with professionalism, represents a competitive advantage by generating confidence in owners, investors and customers, and helps to systematize an anti-bribery management system by applying minimum requirements and supporting guidelines for the application of existing controls. In addition, its implementation serves as a defense tool against authorities in investigation processes, providing evidence that the organization has taken effective measures to prevent bribery. Therefore, in view of the context and size of the company, it is recommended to implement this type of voluntary standard with the proper support of someone specialized in the matter, for its proper management and effectiveness.
[1] ISO Central Secretariat in Geneva. “Anti-bribery management system-Requirements with guidance for its use”.