ISO 37001. Anti-bribery management system.

About internal and external issues that are relevant to the organization. About stakeholders (or interested) parties and their needs and expectations relevant for the anti-bribery management system of the organization.

About what is included in the anti-bribery management system. The scope can cover the whole organization (activities, locations) or only part of it.

About the bribery risk assessment. The metholodogy for this assessment. Examples of bribery risks that the organization can consider.

About how vital it is for the senior management of the company to support the anti-bribery system. How should senior management demonstrate its leadership and commitment.

The anti-bribery policy is the document that illustrates the commitment of senor management to support and improve the anti-bribery management system.

The top management of the organization is responsible to assign roles, responsibilities and authorities to relevant personnel. About the anti-bribery compliance function, requirements and responsibilities for this position. About delegated decision-making.

The organization shall identify and address risks and opportunities for improvement of the anti-bribery management system. A few examples of risks and opportunities.

About setting anti-bribery objectives and planning actions for their achievement. What are the requirements of ISO 37001 for the anti-bribery objectives.

The top management of the company shall provide the resources for the anti-bribery management system (people with the competence needed and the time available), financial resources and physical resources

About how the organization shall ensure that its personnel has the required competence. Methods to fill the gap between existing and required competence. The employment process including the pre-employment investigation (due diligence on personnel) and what this investigation should cover. The disciplinary process. About performance bonuses and other incentives. Conflicts of interest and the bribery risks that come along.

The organization shall ensure the periodic awareness and training of its personnel on anti-bribery topics.

The top management is responsible to ensure that effective internal and external communication processes.

The anti-bribery management system shall be supported by documented information (manuals, policies, procedures, regulations, etc). How much documentation should the anti-bribery management system include. What are the controls for documented information.

About the due-diligence process for transactions, activities, projects or relationships with business associates that pose a more than low bribery risk. What aspects should the due-diligence include.

Examples of financial controls meant to record transactions completely, accurately and on time to help reduce bribery risks.

Examples of non-financial controls for different processes like: operational, purchasing, commercial, etc meant to prevent and detect bribery.

About what is the organization required to do in order to prevent and detect bribery by organizations under its control as well as by its business associates.

About the fact that the organization shall require its business associates with a more than low bribery risk to provide written anti-bribery commitments.

About the policies of the organization that  refer to gifts, hospitality, travel, donations, sponsorships and other benefits. Examples of possible controls for the offering and receiving of such benefits so that they do not constitute or be perceived as constituting bribery.

About what the organization is required to do in situations where there are bribery risks that cannot be managed properly using the existing anti-bribery controls, if those controls cannot be improved or replaced with more effective ones.

About the whistleblowing process for reporting cases of actual, attempted or suspected bribery or any sort of violations of the anti-bribery controls. What are the requirements of ISO 37001 with regards to the whistleblowing process and on the protection of those raising the concerns.

About the process of investigating reported, detected or suspected bribery cases. Who initiates and who coordinates the investigation process. Requirements of ISO 37001 for the investigation process. Possible methods to deal with bribery cases.

What are facilitation payments? Are they bribery or not? An organization with an anti-bribery management system in place can allow facilitation payments? About extortion payments and what the organization shall do if confronted with such situations.

About how to monitor and measure the performance of the anti-bribery management system. Possible KPIs for the anti-bribery performance.

About the internal audits of the anti-bribery management system. What are the requirements of ISO 37001 with regards to the internal audits. About the audit programme, the audit plans, reports and the principle of independence.

About the review of the anti-bribery management system performed by the top management, plus the review of the governing body and the continual review of the anti-bribery compliance function.

About how the organization shall deal with nonconformities in the anti-bribery management system. What are corrective actions and what is their purpose. How to improve continually the anti-bribery management system.

A recapitulation of what is required in order to have an anti-bribery management system that conforms to the requirements of ISO 37001:2016.

A few final words on ISO 37001.

A simple quiz to test your knowledge in the field of anti-bribery management system